SR-A97323 · Issue 266550
XSS filtering added to pzDisplayModalDialog
Resolved in Pega Version 7.3
XSS filtering has been added to the pzDisplayModalDialog to improve security.
SR-B10697 · Issue 282917
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10697 · Issue 280753
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10889 · Issue 281494
Resolved DATA-ADMIN-LOOKUPLIST authentication error
Resolved in Pega Version 7.3
After upgrade, the security access error "You lack access required to execute RULE-OBJ-ACTIVITY DATA-ADMIN-LOOKUPLIST was encountered while performing an obj-save during the creation of a Modal operator ID. This was traced to a difference in how an authentication activity was called, and has been fixed.
SR-B10947 · Issue 280020
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.
SR-B11243 · Issue 284444
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XCC handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.
SR-B11243 · Issue 288261
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XSS handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.
SR-B1132 · Issue 274302
SOAP simulations restored
Resolved in Pega Version 7.3
SOAP simulations were not executed as expected due to the hard coded value SOAP being removed and made generic. This has been fixed by updating the service type to SOAP in the parameters passed to the simulations section.
SR-B11441 · Issue 280633
Connect-SOAP jar recompiled with JDK 1.7 for greater compatibility
Resolved in Pega Version 7.3
After upgrade, an error was generated by Connect-SOAP calls on systems using JDK 1.7. This was caused by the Pega jar having been compiled with JDK 1.8, which lacks backwards compatibility. To resolve this, the jar has been recompiled using JDK 1.7 as it has forward compatibility and will work with the higher version.
SR-B11741 · Issue 285895
Tenant ID check added to Ruleset Wizard for MT
Resolved in Pega Version 7.3
Attempting to deleting a ruleset in a multi-tenant environment using the Ruleset Wizard resulted in the error message 'Getting records from the database' and the application would hang. This was due to a missing tenant ID in the SQL statement, and a check has been added to the query generation to ensure the prepared values for "pzTenantID" are included.