SR-A22198 · Issue 244738
Empty access groups handling added for organizational instance
Resolved in Pega Version 7.2.1
If an unauthenticated access group was configured in the organizational instance, errors occurred because the organization instance access groups are only considered for session authorization once the user is authenticated. This will now be handled through a validate activity change in the Data-admin-organization to honor the emptiness of access groups
SR-A24508 · Issue 246983
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
SR-A24787 · Issue 247535
SA mobile app hang fixed
Resolved in Pega Version 7.2.1
Hitting the 'back' button in the SA mobile app before a work-object fully loaded the master-details caused the app to hang. This was traced to an issue with the thread switching that caused a JS exception, and has been resolved.
SR-A24787 · Issue 245849
SA mobile app hang fixed
Resolved in Pega Version 7.2.1
Hitting the 'back' button in the SA mobile app before a work-object fully loaded the master-details caused the app to hang. This was traced to an issue with the thread switching that caused a JS exception, and has been resolved.
SR-B15685 · Issue 317888
Mobile autocomplete dropdown selections fixed
Resolved in Pega Version 7.3.1
When the 'Enable lightweight autocomplete on phone' and 'Allow scrolling for more results' were enabled, the incorrect data was selected (e.g., using the autocomplete to select "John" from the list instead displayed "Mark"). This was due to a logic issue around the scroll feature for mobile list based autocomplete, and has been fixed.
SR-B71308 · Issue 319409
Paragraphs load as expected in offline app
Resolved in Pega Version 7.3.1
After upgrade, paragraph rules were not displaying as expected in the offline mobile app. Instead, the message 'Loading...' appeared in their place. This was traced to the records being returned correctly but not being properly packaged for display due to an error in the report definition. To correct this, a step has been added to the pzPackageLocalization activity to clear parameters which may mislead report execution.
SR-B71308 · Issue 320806
Paragraphs load as expected in offline app
Resolved in Pega Version 7.3.1
After upgrade, paragraph rules were not displaying as expected in the offline mobile app. Instead, the message 'Loading...' appeared in their place. This was traced to the records being returned correctly but not being properly packaged for display due to an error in the report definition. To correct this, a step has been added to the pzPackageLocalization activity to clear parameters which may mislead report execution.
SR-B66996 · Issue 312205
Access control policy logic added for non-work/data/assign classes
Resolved in Pega Version 7.3.1
As part of ABAC (Attribute-based access control) restrictions, if a class property was of type PageList, security had to be created in the PageList property class type. However, if the pagelist was of type "Embed-" class then it was not possible to create security policy due to the inability to apply property masking for page list properties of that class. To resolve this, property masking implementation logic has been added to support page list properties of non-work/data/assign classes for access control policies.
SR-B66996 · Issue 315524
Access control policy logic added for non-work/data/assign classes
Resolved in Pega Version 7.3.1
As part of ABAC (Attribute-based access control) restrictions, if a class property was of type PageList, security had to be created in the PageList property class type. However, if the pagelist was of type "Embed-" class then it was not possible to create security policy due to the inability to apply property masking for page list properties of that class. To resolve this, property masking implementation logic has been added to support page list properties of non-work/data/assign classes for access control policies.
SR-B55119 · Issue 312817
Handling added for absent property in Access When
Resolved in Pega Version 7.3.1
Configuring Access Control Policy to automatically restrict access to certain records by including an Access When rule to compare a custom property (.Consultant) on the OperatorID (Data-Admin-Operator-ID) page generated an exception if that property did not actually exist on the current operator. This has been resolved by revising the security policy engine to handle the exception.