SR-A16899 · Issue 233288
ID Security enhanced for PostToSocialStream
Resolved in Pega Version 7.2.1
It was possible to to change the actor name with a runactionwrapper call to pzPostToSocialStream. This was a potential security issue where the parameter could be altered to post a message on some other's behalf. Since the actor is always the current operator, the parameter is not needed and a validation has been added in its place to check if the actor is indeed the current user. If this is true the message will be posted, and otherwise the activity will exit.
SR-A16906 · Issue 234460
Certificates package name error resolved
Resolved in Pega Version 7.2.1
In ViewCertificates.jsp and InstallCertificates.jsp, a difference in package name syntax caused some versions of Tomcat to indicate a compilation error and the webpage was not shown. This has been fixed.
SR-A16938 · Issue 232832
Hardcoded DDL date replaced with dynamic string for Postgres compatibility
Resolved in Pega Version 7.2.1
The PostgreSQL DDL generator for install and upgrade in PRPC 7.1.9 created a PL/pgSQL containing the direct date value "01/01/1990". In some versions of Postgres 9.3, this caused a datestyle mismatch execution error when datestyle was set to "iso, ymd" on the postgresql.conf side. This has been resolved by replacing the hardcoded date value with a to_date function that uses an appropriate format string.
SR-A17004 · Issue 239165
Silverlight updated for URL encryption
Resolved in Pega Version 7.2.1
If URL encryption is turned on in an environment where the Silverlight version of the WordMerge feature in use doesn't support encrypted URLs the error "Silverlight Control ERROR in 'GetAbsUriAllCookies': Cannot find absolute server URI when trying to launch word from within their application" was generated. The system has now been updated to detect the use of URL encryption in Silverlight via out-of-the-box JavaScript APIs and the URLs will be accordingly encrypted. The Silverlight Prerequisites installer has also been modified to include the latest certificate.
SR-A17175 · Issue 234726
Corrected results display for upgraded pysearchResultWork filters
Resolved in Pega Version 7.2.1
When applying the pysearchResultWork filter on the native work objects search bar, some results were not displayed as expected after upgrade. This was caused by an error in setting the property for ad hoc cases inside a child activity, and has been fixed.
SR-A17217 · Issue 234378
Security enhanced for RelayState
Resolved in Pega Version 7.2.1
Transport layer security (enabling SSL/TLS for all the communications) has been added to RelayState handling.
SR-A17278 · Issue 232804
Corrected file output override of Manifest path
Resolved in Pega Version 7.2.1
If a path was indicated by selecting the 'Include Manifest' check and the rule was saved, the manifest output directory path was overridden by the value of File Output directory the next time the rule was opened. This has been fixed with changes to pzCopyContentstoManifest DataTransform that will auto-populate the Manifest file directory and Manifest file name with the output file directory, and then output the file name of the extract only if the Manifest file directory and Manifest file name are empty.
SR-A17288 · Issue 237095
Email listener leaves empty text body untouched
Resolved in Pega Version 7.2.1
When Email Listener received a new email of Content-Type: text/plain with a subject line but an empty message body, it copied the email's subject to the email's body. This was traced to code explicitly performing this copying, which has been removed.
SR-A17313 · Issue 246970
Function added to XML manifest that includes empty pagelists for count
Resolved in Pega Version 7.2.1
If a PageList with empty properties is extracted to XML, it still appears in the XML file with empty tags but the entry is not counted for the pxTotalClassInstanceCount pagelist nodes count in the manifest file. This is as intended. As an enhancement to help with validation of the extract, an additional function pxTotalInstanceCount has been added to summarize all of the entries that are included in the XML regardless of whether or not they are populated with data. This will equal the pxTotalClassInstanceCount plus the number of empty tag entries.
SR-A17399 · Issue 233769
Cleared authentication requirement check box for PZINVOKECASETYPE
Resolved in Pega Version 7.2.1
SOAP clients were not able to execute authenticated activities (DATA-PARTY-PERSON VALIDATE , WORK-COVER- PZINVOKECASETYPE) due to the out-of-the-box final activity pzInvokeCaseType having 'Require authentication to run' default to checked. This default interfered with the ability to remove a covered case from a cover case, and has been changed.