INC-219233 · Issue 716175
ReportStats delete query performance improvements
Resolved in Pega Version 8.7.2
A database connection spike was maxing out the allowed database connections, causing login delays and termination of stream nodes. Investigation traced this to the delete query on pr_log_reportstats, which was a full table scan generated from SQLGeneratorPostgres.purgeTableContainingClass. To improve performance, the full table scan sub-query has been removed and 'limit' syntax has been added to run the necessary deletion in batches.
INC-219453 · Issue 715998
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.7.2
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-219627 · Issue 715994
InvokeHTTPConnector security updated
Resolved in Pega Version 8.7.2
"Allow invocation from browser" has been disabled for InvokeHTTPConnector, and "Require authentication to run" has been enabled. In addition, an unsafe reflection used to load JCIFS libraries for NTLM operations has been removed, which removes support for custom JCIFS libraries in Connect HTTP.
INC-219995 · Issue 717159
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.7.2
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-220031 · Issue 717168
Security update enhanced to support custom implementations of InvokeAxis2
Resolved in Pega Version 8.7.2
The QueueProcessor activity indirectly invokes a Connect-SOAP. After installing the Security A22 patch, custom implementations on InvokeAxis2 reported runtime failure. This has been resolved by replacing reflection library use with explicit type checking and casting to get the array length in step 14 of InvokeAxis2.
INC-220137 · Issue 715266
UpdateDateTime casing corrected in filters
Resolved in Pega Version 8.7.2
When using Job Scheduler with MS/SQL, the error "Cannot find either column 'mktdata' or the user-defined function or aggregate 'mktdata.pr_read_from_stream', or the name is ambiguous." This was traced to a casing issue and has been resolved by updating the pxupdatedatetime property to pxUpdateDateTime in Filters F1 and F2.
INC-182827 · Issue 691527
URL security updated
Resolved in Pega Version 8.7.2
Security has been updated for URL tampering defense and Rule Security Mode.
INC-186897 · Issue 705203
DSS DisableAutoComplete setting honored
Resolved in Pega Version 8.7.2
Setting DisableAutoComplete DSS was not working as expected. This was traced to the system not being able to read the DSS value due to timing related to database startup, and has been resolved by directing the system to read the setting in PREnvironment.java instead of from the prconfig.
INC-198571 · Issue 708633
SSO update
Resolved in Pega Version 8.7.2
In order to ensure shared SSO direct links are used as intended, an update has been made which will explicitly require re-authentication for each use of a direct link.
INC-202702 · Issue 713724
Ruleset creation process updated to maintain thread scope
Resolved in Pega Version 8.7.2
On creating a ruleset, the system generated the error "There has been an issue. Please consult your system administrator." If browser cookies and site settings were cleared and the browser was relaunched before logging in and creating a ruleset, the issue did not occur. Investigation showed that the Application page was at the Requestor scope for some of the threads due to handling in the ruleset creation process that removed the Application page and recreated it in the default scope of the thread with the latest state. To resolve this, the process for deleting the Application page and recreating it on the Requestor page has been removed.