SR-131072 · Issue 203709
Requestor token creation added for PRExternal authentication
Resolved in Pega Version 7.1.9
When using a PRExternal authentication scheme, the csrfsession requestor token was not created. This caused a heavy volume of INFO logging messages in production due to the null token. This authentication path has now been added and the token will be correctly created for use.
SR-131691 · Issue 202207
Improved performance for incorrect password handling
Resolved in Pega Version 7.1.9
When the operator entered the wrong password in the login screen, numerous "Stream Overwritten" alerts appeared in the Alert log. There was no workflow problem involved, but the logging indicated that an additional unnecessary call was being made to Stream Web-Login. That unneeded call has been removed to improve system performance and remove the error being logged.
SR-A4056 · Issue 211550
Corrected validation error for Extract rule field length
Resolved in Pega Version 7.1.9
A validation error noting that the field length of the table was limited to 30 characters was occurring when trying to check in an Extract rule even if the field value had been shortened. While checking in the extract rule, a block of code in the Rule-Utility-Function validateTreeProperties was recomputing the pagelist's table name instead of using the one provided by the user. The Rule-Utility-Function validateTreeProperties function has been modified to fix the issue.
SR-A102729 · Issue 272707
Mobile modal display timing corrected
Resolved in Pega Version 7.3
When the full screen for mobile device option was used while launching a local action, the template buttons (Submit and Cancel) appeared to be missing until the screen adjusted during a focus shift to an editable field. This was an issue with asynchronous display timing in the modal dialog template using dynamic layouts with client side visible whens, and has been fixed.
SR-A102969 · Issue 273954
XSS security update for error.jsp
Resolved in Pega Version 7.3
The error.jsp file has been updated for better XSS security with WebSphere and Firefox.
SR-A96514 · Issue 275326
Updated encryption logic for URL obfuscation
Resolved in Pega Version 7.3
If URL obfuscation was enabled and the incoming URL contained non-ASCII (Unicode) characters, the encryption process failed because the padding logic formed a byte array of incorrect length. This logic error has been corrected.
SR-A97323 · Issue 266550
XSS filtering added to pzDisplayModalDialog
Resolved in Pega Version 7.3
XSS filtering has been added to the pzDisplayModalDialog to improve security.
SR-B10667 · Issue 283291
iOS HC app login updated to better handle sync conflicts
Resolved in Pega Version 7.3
Intermittent HC iOS login failures or app crashes were accompanied by the error 'Client Store synchronization failed.' To resolve this, web-login has been updated to handle cases where login failure occurs while a sync is in progress.
SR-B10697 · Issue 282917
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10697 · Issue 280753
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.