SR-120977 · Issue 180096
File extension type now visible in the audit trail for attachments
Resolved in Pega Version 7.1.8
After files were uploaded and attached, it was seen that only the file name itself was found in the audit trail and there was no extension given. In order to pass the attachment file type extension, the pynote value will be passed as a parameter to the pyHistoryMemo FileAttached field value, and written to the audit.
SR-121016 · Issue 179993
JMS handling enhanced for complex custom environments
Resolved in Pega Version 7.1.8
When a JMS message is created, a temporary JMS response queue is also created on the fly. The JMS response queue has a timeout parameter associated. After PRPC has consumed a message from the destination, it retrieves the response parameters from the message header and posts a JMS message to the temporary response queue to complete the cycle. In some complex custom environments, PRPC was not able to send a response message before the response queue timed out and an error was generated. In order to handle these situations, the JMS Listener has been modified to always close MDB response connection before continuing.
SR-121104 · Issue 184148
Enhanced security for SQL exceptions errors
Resolved in Pega Version 7.1.8
In order to avoid a potential security vulnerability, the error messages generated by database exceptions have been made consistent for DB2 and Oracle and do not display SQL information in the log.
SR-121112 · Issue 179088
Step names localized in Stage and Steps display
Resolved in Pega Version 7.1.8
Previously, Step names in the Stage and Steps display were not localized under the ButtonLabel Field Value rules in the same way as the Stage names. This was due to the title being derived from the control "StageProcessLink", which is a non-auto generated control being directly fetched in the HTML markup instead of querying the getLocalizedText method. This has been changed to allow Step names to be included in localization as expected.
SR-121126 · Issue 184375
Corrected handling for properties in XML rule
Resolved in Pega Version 7.1.8
When using properties mapped on the root element of an XML SOAP rule, the attributes were mapped properly but the element value was not. In a related error, after giving ParseXML rule invocation values for Type Substitution for Parse XML, the XML was not mapped to the clipboard for the type substituted elements. There was a workaround of using DSS 'switchtooldassembler', but this has been fixed by updating parsexmlsaxrulewrapper.
SR-121135 · Issue 179497
Transfer and Reassign enhanced to work from embedded pages
Resolved in Pega Version 7.1.8
When a work flow is called from an embedded page, attempting to perform a transfer using the Out-Of-The-Box "Transfer" Flow Action was failing with the exception "The Flow Action post-processing activity Reassign failed: The reference .pyConfirmationNote is not valid. Reason: FUAInstance-NullMyStepPage". This was traced to the configuration not be prepared to work on an embedded page, and has been modified to direct the reassign activity to get the toplevel page if the step page is embedded.
SR-121200 · Issue 184842
DB2 DateTime conversion fixed
Resolved in Pega Version 7.1.8
After inserting date values in DB2, using the select command and retrieving the above date values using RDB-List returned the date as one day earlier. The root cause of this issue was the logic used for reading and writing date columns in DB2. The logic was implemented in order to ensure that the values in the column were both saved and retrieved in GMT time zone. However, when a java.sql.Date object was retrieved from the JDBC metadata, it was returned as the date value at the time of Midnight, and the time zone was set to the local time zone by the metadata (instead of the expected GMT time zone). When preparing to return this value, the Date object was formatted with reference to GMT, which causes the Date object to have an hour subtracted and report a date value that was one day less than expected. To fix this, the datetime logic for the Date columns has been modified to use a DateFormat object in the system's local time zone.
SR-121429 · Issue 187948
Encoded handling for Chinese characters in SOAP
Resolved in Pega Version 7.1.8
Signature verification failed when a SOAP message contained multibyte Chinese characters. This was due to the engine passing platform specific request bytes instead of sending UTF bytes to the third party metro webservices code when signature is enabled. The JAR encoding has been modified to use the style it gets in the request in order to bypass third party platform decisions.
SR-121471 · Issue 179231
Potential XSS vunerability eliminated
Resolved in Pega Version 7.1.8
The system has been modified to enhance security and eliminate a potential XSS vulnerability related to adding a file attachment.
SR-121501 · Issue 183603
Enhanced security for SQL exceptions errors
Resolved in Pega Version 7.1.8
In order to avoid a potential security vulnerability, the error messages generated by database exceptions have been made consistent for DB2 and Oracle and do not display SQL information in the log.