SR-A21569 · Issue 242079
Corrected persistence of deleted requirements links with multiple actors
Resolved in Pega Version 7.2.1
When checking in a specification with more than one actor specified on it, deleted requirement links re-appeared after the rule was closed and re-opened. This was due to an unnecessary section refresh, which has been removed.
SR-A22198 · Issue 244738
Empty access groups handling added for organizational instance
Resolved in Pega Version 7.2.1
If an unauthenticated access group was configured in the organizational instance, errors occurred because the organization instance access groups are only considered for session authorization once the user is authenticated. This will now be handled through a validate activity change in the Data-admin-organization to honor the emptiness of access groups
SR-A24508 · Issue 246983
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.