INC-223376 · Issue 723575
JMX authentication enabled by default for embedded Kafka and Cassandra
Resolved in Pega Version 8.7.3
For on-premises clients, a potential Remote Code Execution vulnerability through the JMX interface on Cassandra and Kafka, reachable over exposed network ports, has been mitigated by enabling JMX authentication by default for embedded Kafka and Cassandra.
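An added example, not Pega code: a small audit that reads JVM option strings and reports any service that opens a remote JMX port without authentication explicitly enabled. It assumes the services are started with the standard JDK `com.sun.management.jmxremote.*` properties or Apache Cassandra's `cassandra.jmx.remote.port`; the service names and option strings are constructed samples.

```python
import shlex

# Properties that open a JMX connector reachable from other hosts: the
# standard JDK property and the one Apache Cassandra's launch script uses.
REMOTE_PORT_KEYS = ("com.sun.management.jmxremote.port", "cassandra.jmx.remote.port")
AUTH_KEY = "com.sun.management.jmxremote.authenticate"


def jvm_properties(jvm_args):
    """Return {name: value} for every -Dname=value token; the last duplicate wins."""
    props = {}
    for token in shlex.split(jvm_args):
        if token.startswith("-D"):
            name, _, value = token[2:].partition("=")
            props[name] = value
    return props


def audit_jmx(service, jvm_args):
    """Return a finding if remote JMX is open without explicit authentication, else None."""
    props = jvm_properties(jvm_args)
    port = next((props[k] for k in REMOTE_PORT_KEYS if props.get(k)), None)
    if port is None:
        return None  # no remote connector requested
    # Require an explicit "true" rather than relying on a launcher's default.
    if props.get(AUTH_KEY, "").lower() != "true":
        return f"{service}: remote JMX on port {port} without authentication enabled"
    return None


# Constructed sample option strings (not taken from a Pega installation).
SAMPLES = {
    "kafka-weak": "-Dcom.sun.management.jmxremote.port=9999 "
                  "-Dcom.sun.management.jmxremote.authenticate=false",
    "cassandra-hardened": "-Dcassandra.jmx.remote.port=7199 "
                          "-Dcom.sun.management.jmxremote.authenticate=true "
                          '-Dcom.sun.management.jmxremote.password.file="/etc/cassandra/jmxremote.password"',
    "cassandra-local": "-Dcassandra.jmx.local.port=7199 "
                       "-Dcom.sun.management.jmxremote.authenticate=false",
    "override": "-Dcom.sun.management.jmxremote.port=9999 "
                "-Dcom.sun.management.jmxremote.authenticate=true "
                "-Dcom.sun.management.jmxremote.authenticate=false",
}


def audit_all(samples=SAMPLES):
    """Audit every sample and return only the findings."""
    return [f for f in (audit_jmx(s, a) for s, a in samples.items()) if f]
```

The `override` sample shows why the last duplicate matters: a later `authenticate=false` replaces an earlier `true`.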
INC-229717 · Issue 730667
Cassandra startup calls reordered to avoid deadlock
Resolved in Pega Version 8.7.3
Nodes received a service request but it became stuck. This was traced to a deadlock related to CassandraSessionCache.getSession, and has been resolved by reordering the method calls used to initialize the Cassandra session to delay adding the session change listener and avoid a deadlock scenario.
INC-215785 · Issue 722554
Corrected logic for parsing imported Excel formula cells
Resolved in Pega Version 8.7.3
Integers specified as cells with formulas in Excel were getting an additional ".0" in them due to them being parsed internally as doubles during the floating point arithmetic of the Apache POI library. This has been resolved by modifying the logic in ExcelUtils.java to apply DataFormatter to get the string value instead of an integer by default for a formula cell.
INC-220770 · Issue 718028
Null check added to getBaseRef
Resolved in Pega Version 8.7.3
When using a customized Cosmos portal that included tabs, some of the Pega APIs were not available in the child frame, and JavaScript errors were generated when calculating the clipboard path for live UI elements. This was traced to invalid references to "pega.api.ui.util.getBaseRef", and has been resolved by adding null checks to the getBaseRef API call to make sure JavaScript errors are not thrown.
INC-205683 · Issue 702562
Data transform actions supported in offline app
Resolved in Pega Version 8.7.3
Support has been added for pre- and post-processing data transform functionality and validation in the local actions of the offline app.
INC-223851 · Issue 722731
Property encryption documentation updated
Resolved in Pega Version 8.7.3
Documentation on encryption has been updated to clarify that Property Encrypt policies can only be created in Work-, Data-, and Index class descendants.
INC-173596 · Issue 673089
Apache Commons HttpClient dependency removed
Resolved in Pega Version 8.7.3
As part of moving from the Apache Commons HttpClient project (which is at end of life and no longer being developed) to the Apache HttpComponents project, openws dependencies on the commons-httpclient jar have been removed.
INC-228169 · Issue 729187
Login error messages updated
Resolved in Pega Version 8.7.3
Exception response messages have been updated in order to improve security around attempts to bypass operator authentication.
INC-220622 · Issue 711374
Libraries updated
Resolved in Pega Version 8.7.3
The following libraries have been updated to the most recent version:
- commons-collections
- cxf-rt-rs-security-oauth2
- derby
- dom4j
- google-oauth-client
- groovy
- jackson-databind
- postgres
- snakeyaml
- spring-core
- xmlsec
The following library dependencies have been deprecated, excluded, and/or removed:
- ant
- bsh
- commons-compress
- gson
- io.netty
- jackson-mapper-asl
- jdom
- jdom2
- jdom-legacy
- jetty-http
- jetty-io
- jetty-server
- jetty-util
- junrar
- netty-handler
- plexus
- plexus-utils
- xercesImpl
- xstream
INC-221019 · Issue 725147
Modified timestamp query used by ClusterAndDBCleaner
Resolved in Pega Version 8.7.3
The job pyClusterAndDBCleaner was failing with the error "ORA-01861: literal does not match format string". This was traced to the sub-activity pzClearOldQueueProcessorBrokenMessages which was not able to remove broken items with encryption in an upgraded environment due to an incorrect timestamp format passed to the Oracle database. This has been resolved by modifying the query to use a timestamp built using INativeSqlBuilder which will include only the information necessary for the deletion of the item.