SR-A22198 · Issue 244738
Empty access groups handling added for organizational instance
Resolved in Pega Version 7.2.1
If an unauthenticated access group was configured in the organizational instance, errors occurred because the organization instance access groups are only considered for session authorization once the user is authenticated. This will now be handled through a validate activity change in the Data-admin-organization to honor the emptiness of access groups
SR-A24508 · Issue 246983
Apache Struts updated for security
Resolved in Pega Version 7.2.1
Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.