SR-B42009 · Issue 304044
Authentication timeout smoothed for re-login
Resolved in Pega Version 7.3
If custom authentication was used with a stream specified to enter credentials upon authentication timeout, re-login failed after the timeout. This was traced to two issues: first, the custom configuration defaulted to using the out-of-the-box stream "Web-TimeOut", which expects the password to be in base64 encoded format and so attempts to base64 decode it. This caused an authentication failure. Second, when restarting with authentication instead of a timed-out request, the starting activity of operator was being executed and the portal was rendered unexpectedly. To resolve this, the object references needed for the successful resumption will be cloned when there is authentication timeout and used for redirection upon successful authentication.
SR-B43182 · Issue 301518
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.
SR-B44199 · Issue 300058
Fixed Access Control Policy in Assign- classes
Resolved in Pega Version 7.3
An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.
SR-B44199 · Issue 299984
Fixed Access Control Policy in Assign- classes
Resolved in Pega Version 7.3
An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.
SR-B44199 · Issue 297134
Fixed Access Control Policy in Assign- classes
Resolved in Pega Version 7.3
An error was generated when attempting to create an Access Control Policy in Assign- classes. This was due to a missing use-case, and has been corrected.
SR-B6669 · Issue 279329
XSS filters added to UI rulesets
Resolved in Pega Version 7.3
XSS filters have been added to pyCaseActionArea and pyAssignmentsLabel in Pega-EndUserUI and UIKit rulesets.
INC-183706 · Issue 685830
Added null check for DynamicAppenders
Resolved in Pega Version 8.7.1
Null pointer exceptions were seen for Pulse. This has been resolved by adding a null check in the DSS save/update process.
INC-185117 · Issue 680899
Check added to disable offset support for older versions of Oracle
Resolved in Pega Version 8.7.1
An ORA-00933 error was generated after upgrading from Pega 7.1 to Pega 8.5. This was traced to a conflict between Oracle 11g and the Pega 8.5 platform related to an OFFSET statement being added to a query for a version of Oracle that doesn't support it. The preferred solution is to upgrade Oracle to address this, but in order to support backwards compatibility a check has been added which will disable offset support in Oracle if productversion <=11.
INC-202677 · Issue 698989
Handling added for missing expose.accessGroup property
Resolved in Pega Version 8.7.1
After exposing an existing page group and page list properties along with single value properties using a declare index, running the Column Populator tool prpcServiceUtils to populate the historical data resulted in the single value properties being updated in the exposed column properly, but the page group and page list properties were not updated in the declare index table. On new case creation the declare index tables were updated. This was traced to the default expose.accessGroup not being set for the user, and has been resolved by adding a check and handling that will add the missing property in prpcserviceutils.properties defining the access group for the Rule-Declare-Index of the classes being exposed if it is not present.
INC-164432 · Issue 696293
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.7.1
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL instead of initializing the global obfuscation key by on-demand basis from HTTPAPI.