SR-B56328 · Issue 312168
RARO rules more secure against deletion
Resolved in Pega Version 7.3.1
In order to make RARO rules more secure, the system has been updated such that Class Permissions can't be deleted from the role unless the operator has permission and is operating in a valid context (unlocked ruleset). This has been done by revising the Role rule form to disable the delete button when RARO/RADO is in a locked ruleset.
SR-B57046 · Issue 314358
Parameters removed from on-screen error messages to protect sensitive data
Resolved in Pega Version 7.3.1
It was discovered that sensitive information, such as account numbers used as parameters, was being shown in exception error messages displayed on the screen. Including the parameters as part of the error is intended to aid in debugging the problem, but these parameters do not need to be displayed in the UI. In order to protect potentially sensitive data, parameter values have been removed from the exception message. When the DeclarativePageDirectoryImpl logger is enabled, the parameters will be entered into the Pega log files and not shown on screen.
SR-B67143 · Issue 316168
Proxy configurations made available to OAuth2 and other clients
Resolved in Pega Version 7.3.1
Setting up a proxy for the REST Connector was not working when using OAuth2. When using OAuth2 authorization for Connector features including REST Connectors, the com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl class is used for connections to the OAuth2 Provider for interactions such as fetching authorization tokens. However, OAuth2ClientImpl did not have the required code for picking up the JVM-level proxy settings and applying them to the HTTP Client it uses, so the HTTP calls to the OAuth2 provider were always bypassing the configured HTTP proxy. In order to resolve this and enhance future use, the code in the RESTConnector module that allows REST Connectors to use HTTP proxies has been extracted into the "HTTPClientUtils" module so that it can be used by any consumer to apply the system's proxy configuration to any instance of PegaRESTClient. OAuth2ClientImpl has been updated to call this during HTTP client setup, prior to making the request for data from OAuth2 Providers, and RESTConnector has been updated to call this new implementation to replace the universal proxy code that was refactored out of it.
SR-B42729 · Issue 309850
Prgateway exception logging enhanced
Resolved in Pega Version 7.3.1
Stack trace logging has been enhanced for Prgateway exceptions.
SR-B42729 · Issue 309869
Prgateway exception logging enhanced
Resolved in Pega Version 7.3.1
Stack trace logging has been enhanced for Prgateway exceptions.
SR-B43915 · Issue 308088
Fixed Product Rule min and maxVersion value reset
Resolved in Pega Version 7.3.1
Values of mMinVersion and mMaxVersion were not being reset to null values after the "rulesets to include" section was processed in the product rule. This affected the "classes to include" section of the addSpecInstances() method as well, and happened only in the special case where the 'Rule-RuleSet-Version' class was included in the "classes to include" section. This resulted in the condition propagating from one section to another instead of each section starting from a clean initialization. This has been fixed by resetting the minVersion and maxVersion values after processing "rulesets to include".
SR-B67118 · Issue 316911
Password obfuscated in serviceutils INFO message
Resolved in Pega Version 7.3.1
When running prpcServiceUtils.sh, the password from the property pega.rest.proxy.password was visible in an INFO statement due to the export with params listing all values including the password. The code has been revised so passwords will be obfuscated while logging in prpcServiceUtils.properties and not shown as plain text values.
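An added sketch of the behaviour described above, not Pega's code: `mask_properties` masks sensitive values before a property listing is logged, and `log_leaks_secret` audits a log written before the fix for those values in plain text. The function names, the key-name pattern, and every sample key and value except the key name `pega.rest.proxy.password` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample properties. Only the key pega.rest.proxy.password is
# named on the page; the other keys and all values are made up.
sample_properties() {
  cat <<'EOF'
# connection settings (constructed)
example.rest.url=https://pega.example.invalid/prweb/PRRestService
example.rest.proxy.host=proxy.example.invalid
pega.rest.proxy.password=S3cr3t-Value
EOF
}

# Filter stdin (key=value or key:value lines) for logging: values of keys
# whose name suggests a credential are replaced by a fixed-length mask, so
# neither the value nor its length reaches the log.
mask_properties() {
  awk '
    /^[ \t]*([#!]|$)/ { print; next }        # comments and blank lines
    {
      sep = match($0, /[=:]/)                # first key/value separator
      if (sep > 0) {
        key = substr($0, 1, sep - 1)
        if (tolower(key) ~ /password|passwd|secret|token/)
          $0 = key substr($0, sep, 1) "********"
      }
      print
    }'
}

# Audit helper: returns 0 if any sensitive value from properties file $1
# appears verbatim in log file $2 (for logs written before masking).
log_leaks_secret() {
  awk '
    /^[ \t]*([#!]|$)/ { next }
    {
      sep = match($0, /[=:]/)
      if (sep == 0) next
      if (tolower(substr($0, 1, sep - 1)) !~ /password|passwd|secret|token/) next
      v = substr($0, sep + 1)
      sub(/^[ \t]+/, "", v)                  # drop leading blanks of the value
      if (v != "") print v
    }' "$1" | grep -qFf - -- "$2"
}

# Stand-alone run: show the masked listing for the constructed sample.
sample_properties | mask_properties
```

A log in which `log_leaks_secret` finds a match holds a credential that should be rotated and the log file access-restricted or purged.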
SR-B56367 · Issue 313698
Query updated for Oracle DDL generation
Resolved in Pega Version 7.3.1
When using a class mapped to an external database view, creating a RAP that included a Data-Admin-DB-Table instance in a lower environment for import into a higher environment resulted in invalid generated DDL for the view. This was due to a column alias list in the view definition not being included in the generated DDL, and has been fixed by using a different metadata query for Oracle to ensure the column list is returned if it was originally specified.
SR-B67316 · Issue 317299
Query updated for Oracle DDL generation
Resolved in Pega Version 7.3.1
When using a class mapped to an external database view, creating a RAP that included a Data-Admin-DB-Table instance in a lower environment for import into a higher environment resulted in invalid generated DDL for the view. This was due to a column alias list in the view definition not being included in the generated DDL, and has been fixed by using a different metadata query for Oracle to ensure the column list is returned if it was originally specified.
SR-A101514 · Issue 316396
Busy indicator memory leak fixed for multiple iframes
Resolved in Pega Version 7.3.1
A memory leak was found in the client-side busy indicator script when multiple iframes were involved. As part of this change, the code in pega_ui_busyindicator.js that removes the status div within hidden iframes has been reworked to avoid the memory leak.