SR-A77003 · Issue 252758
GetFileAttachmentContent validates with Data-WorkAttachment- instead of File
Resolved in Pega Version 7.2.2
The SetEmailAttachments activity step 3 (java step) called a RUF pxGetFileAttachmentContent that always validated the pxObjClass with Data-WorkAttach-File. In order to support other classes of attachment, the validation process has been changed to Data-WorkAttachment- instead of File.
SR-A87728 · Issue 257771
Improved null namespace handling for WSDL import
Resolved in Pega Version 7.2.2
The SOAP Connector (Wizard) functionality in the Pega product was implemented and tested with the assumption that the WSDL document provided for consumption would contain a target namespace. Though not technically required, the great majority of WSDL documents meet this description. However, when using an imported WSDL that has no namespaces, the pxParseWSDL activity was passing a reported null namespace to some Axis2 activities that were not capable of safely consuming Definitions with null namespaces. This resulted in a "StringIndexOutOfBounds" error. To create more stability with the additional activities, WSDLParser has been updated to use QName objects themselves whenever possible and set the target namespace for the Definition to "" when it detects that it is null.
SR-A90147 · Issue 258936
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A91799 · Issue 259729
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92490 · Issue 259593
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92491 · Issue 259592
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92492 · Issue 259728
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A102503 · Issue 271030
Restriction facet set corrected for max and minExclusive
Resolved in Pega Version 7.2.2
Using a service where WSDL defined a single method and used a datatype definition from an XSD import generated the error "Unsupported XML 1.0 Restriction "minExclusive" minExclusive restriction is not recognized". This error occurred because minExclusive was not added to recognized facet names but maxExclusive is added twice. To fix this, the duplicate occurrence of maxExclusive was removed and minExclusive was added to the recognized restriction facet set in XSDConstants.
SR-A79678 · Issue 254551
Rule-Parse forms in SI converted to harness based
Resolved in Pega Version 7.2.2
When opening an instance of the class Rule-Parse-Infer or Rule-Parse-Transform in the Smart Investigate for Payments application, the data was not rendered in the form but instead displayed as an XML page. This was due to rule forms being form-based, and an enhancement has been added to convert them to harness-based. In addition, the rule types Rule-Parse-Infer and Rule-Parse-Transform are no longer marked as deprecated so they may be fully utilized with the Pega SI Framework 7.11 and Pega engine releases going forward.
SR-A76262 · Issue 256275
Logic updated for parse SOAP to better handle similar element names
Resolved in Pega Version 7.2.2
When the path to an XML node included at least one repeating element and some other element in the path had a name which ended with the name of the repeating node, the data placed in properties by Rule-Parse-XML was potentially inaccurate. The end result is that the data that is recorded in Pega as coming from the N-th occurrence in a repeating element set might contain some data that actually comes from the 0-th occurrence or some other occurrence that is not N. To make the results accurate and consistent, the system has been updated to remove all simple text searches so the replacement of generic node names with indexed node names happens to the correct nodes, regardless of similarities between names in the path.