SR-121471 · Issue 179231
Potential XSS vunerability eliminated
Resolved in Pega Version 7.1.8
The system has been modified to enhance security and eliminate a potential XSS vulnerability related to adding a file attachment.
SR-121501 · Issue 183603
Enhanced security for SQL exceptions errors
Resolved in Pega Version 7.1.8
In order to avoid a potential security vulnerability, the error messages generated by database exceptions have been made consistent for DB2 and Oracle and do not display SQL information in the log.
SR-121588 · Issue 181232
Updated PDF conversion for latest versions of Microsoft Internet Explorer
Resolved in Pega Version 7.1.8
When using the Out-Of-The-Box Flow Action called "ConvertAttachmentToPDF", no error was generated at runtime but the new file attached to the case was not correctly converted. The root cause was the HTML rule called "ActionConvertAttachmentToPDF" which contained JavaScript code that was not fully compatible with the newest releases of the Microsoft Internet Explorer browser. This has been changed.
SR-121588 · Issue 176641
Updated PDF conversion for latest versions of Microsoft Internet Explorer
Resolved in Pega Version 7.1.8
When using the Out-Of-The-Box Flow Action called "ConvertAttachmentToPDF", no error was generated at runtime but the new file attached to the case was not correctly converted. The root cause was the HTML rule called "ActionConvertAttachmentToPDF" which contained JavaScript code that was not fully compatible with the newest releases of the Microsoft Internet Explorer browser. This has been changed.
SR-121623 · Issue 186850
Added WS-addressing UI check
Resolved in Pega Version 7.1.8
Connect SOAP calls were failing sporadically with a Message Addressing Property error while calling external services even when WS-Addressing was off. This happened when the WS setting was modified: the addressing module is engaged with first call of connector, and there was no cache clearing if the option was turned off for subsequent calls. Code has been added to check the addressing handler status and process it appropriately.
SR-121632 · Issue 183997
RefreshOnConflicts changed for better locking
Resolved in Pega Version 7.1.8
During work flow processing, using the Out-Of-The-Box "Refresh" action and then submitting the current assignment removed the ability to submit the following assignment and an error was generated: "You have lost the ability to make this change because a change elsewhere has taken precedence over the change you made here. Please click on the assignment again to continue." If there are back-to-back assignments and the 'Refresh on Other' action is clicked first, when the second assignment is submitted this lost locking error is displayed. To resolve this, the RefreshOnConflicts activity has been changed to invoke ProcessAssignment on newAssignPage instead of WorkPage so that the locking mechanism will function as expected.
SR-121686 · Issue 183607
Email Listener timeout tuned for EAR deployments
Resolved in Pega Version 7.1.8
When the email listener encountered an error in installations with EAR deployments, it stopped processing emails until the listener was restarted manually. This was caused by the Timer variable being static in EAR deployments with no logic available to reset it, so it continued to grow over time and could result in sleep times of days. Logic has now been added to reset the timer. The default sleep time has also been set to increase 30 seconds each time an error is encountered to a max of 90 seconds (sleep times are 5 , 30 , 60, 90 seconds) at which point it will reset.
SR-121858 · Issue 183012
Added integration for Microsoft Azure Root Certificates
Resolved in Pega Version 7.1.8
Attempting to implement Single Sign On using MS AZURE AD was failing. This was due to the Microsoft Azure Root Certificates not being correctly configured/imported into the target Application Server. Microsoft Technical Support was engaged and recommended manually exporting the required certificate from Azure and importing into the target environment as a workaround, and this integration has now been addressed with updates to the XML Security ResourceBundle.
SR-121993 · Issue 181639
Fixed handling issues with substitutions enabled Parse XML rules
Resolved in Pega Version 7.1.8
Parse XML rules generated from an XML schema (xsd) saved in draft and "Not available" were generating Java errors when attempting to check out the rules and make them available. This happened when there were substitution elements and an embedded reference to the same element, and was caused by improper handling of the substitution helper method. This has been corrected.
SR-122108 · Issue 182692
Fixed linking for work objects in CalendarViewGadget
Resolved in Pega Version 7.1.8
Using CalendarViewGadget to show calendar with work objects generated a Javascript popup with message "undefined" when clicking on the link of a work object. This "undefined" alert was added for situations where there is no handle passed to the openWorkByHandle desktop API, but there was an incorrect key in the hashtable of strings used to get the localized value. This has been fixed.