SR-B11243 · Issue 288261
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XSS handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.
SR-B14331 · Issue 287641
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.
SR-B14745 · Issue 285506
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.
SR-B17270 · Issue 288020
XSS filtering added to Autocomplete highlighting
Resolved in Pega Version 7.3
XSS filtering has been added to Autocomplete highlighting for better security.
SR-B30747 · Issue 297009
XSS filtering added to report browser CategoryDescription
Resolved in Pega Version 7.3
The list of categories on the right in the report browser allowed some HTML tags to be applied when added to the label. XSS filters have been applied to the CategoryDescription labels to improve security.
SR-B33262 · Issue 289812
IACAuthentication security improved
Resolved in Pega Version 7.3
The IACAuthentication activity assumed third party authentication and did not check for a password. In order to improve security, default password validation has been added to the shipped IACAuthentication activity.
SR-B37039 · Issue 293524
Security upgrade for Struts2
Resolved in Pega Version 7.3
To improve security, Apache Struts2 has been upgraded to version 2.3.32 .
SR-B37306 · Issue 293862
Security upgrade for Struts2
Resolved in Pega Version 7.3
To improve security, Apache Struts2 has been upgraded to version 2.3.32 .
SR-B37351 · Issue 288347
FTP connection test loads authentication profile
Resolved in Pega Version 7.3
The FTP Server Test connectivity button was not working if the server did not allow anonymous connections. This was due to tests not loading the Authentication Profile, and the system has been updated to load the profile during the connection build process.
SR-B37427 · Issue 293709
Security upgrade for Struts2
Resolved in Pega Version 7.3
To improve security, Apache Struts2 has been upgraded to version 2.3.32 .