SR-B66858 · Issue 315685
Cassandra fixes for AIX systems
Resolved in Pega Version 7.3.1
A Cassandra node start failure on some AIX environments was traced to a condition for checking whether Java version 1.7 and 1.8 in file cassandra-env-AIX.sh were present in the dnode-7.2.1.jar. This check is not necessary as the same check is already performed in Cassandra.java class, and it has been removed from the cassandra-env-AIX.sh script. Additionally a new system setting dnode/overwrite_cassandra_env has been introduced to allow disabling replacing cassandra-env.sh script with cassandra-env-AIX.sh (which is normally done on AIX systems).
SR-B66892 · Issue 315757
Cassandra support enhanced for CQL 3 data types
Resolved in Pega Version 7.3.1
The connector was unable to read a date-filed value from Cassandra to Pega Dateonly or varchar datatype, instead failing with an exception. As a result, data was not readable via connect-Cassandra if that table had new column types like (date,time,tinyint,smallint). To resolve this, data type support has been added for the new types in CQL 3.3 (smallint,tinyint,date,time).
SR-B70652 · Issue 325760
Read operations updated for Datastax 3.1.x use
Resolved in Pega Version 7.3.1
In the 3.1.x Datastax driver reads are no longer retried by default. Therefore, the read operations have now been explicitly marked as idempotent to force the Datastax driver to retry timed out reads.
SR-B70652 · Issue 325924
Timeout error resolved for write future
Resolved in Pega Version 7.3.1
With retries enabled, the write future was timing out before retries could be completed. This has been fixed by removing the timeout on the write future since timeouts will be caught using Datastax driver exceptions.
SR-B74934 · Issue 327017
Facebook connector refined to handle page deletion while the AADrivetech is active
Resolved in Pega Version 7.3.1
A Facebook connector trying to connect to a invalid page was causing out of memory errors. In this scenario, a Facebook Page that was no longer required was deleted but the AADrivetech Facebook connector was left running. This connector, in its attempts to contact the Facebook page and retrieve the getFrom parameter which was now null, started to consume resources on the node leading to the outage. To solve this, the code has been modified to not expect the user name to always come from Facebook but instead put in an anonymous name if the page disappears.
SR-B76526 · Issue 326533
Backwards compatibility enhancement for @when() validation
Resolved in Pega Version 7.3.1
After upgrade, a Strategy rule which referred a 'when' with the syntax @when(isOnlineApplication) was failing with design time validation saying that when rule was not found in the SR and instead it had to find it in the Customer/Applies to class. For the @when() issue, the root cause was that the validation context of @when() was switched from Applies-To class to the Step Page class due to a change in the core engine. The behavior of expression parsing for when rule calls was changed in release 7.2. It used to take the Apply-to class to validate the existence of the rule, but not it is taking the Step Page class. And Strategy rule doesn't push/pop stackframe due to performance reasons, thus StepPage on stack for Strategy is always the same as Primary page. For greater compatibility, the system will set the PageContextClass to the Apply To class so the expression parser can validate the setup which is expected at run-time.
SR-B37374 · Issue 309750
null-pointer exception fixed for missing rule class
Resolved in Pega Version 7.3.1
After upgrade, a null-pointer exception was generated when the class on which a rule was defined no longer existed and there was a withdrawn rule in the hierarchy. This has been fixed.
SR-B40801 · Issue 317066
Check added to ensure downloaded files match the extension type given
Resolved in Pega Version 7.3.1
In the remote application that provided functionality for downloading files, no validation was performed on the requested file extension or file name during the request; these values could be constructed in the file request. However, this could allow attackers to send malicious links to end users by forcing a file to have a specific file extension such as .exe, .html, or .bat . In order to prevent issues, a check has been added to see if the extension of the filename and the actual file extension match. If they do not, the file will not be downloaded.
SR-B44095 · Issue 318443
Re-indexing modified with check for FTS reinitialization
Resolved in Pega Version 7.3.1
Using the Designer Studio 'Search Landing Page' to initiate a re-index of approximately 12 million work items never seemed to complete. This was traced to an unnecessary reinitialization call; the API used to reconfigure the Search node (initialized from the FullTextIndexer command line utility) uses the configure node API to remove the index directory information on the index node. This API has logic to reinitializeFTS because it is the expected behavior in normal scenarios. However, in cases using the full text indexer command line utility, we do not need to reinitalize the FTS instance as the node is a standalone node. This has been updated.
SR-B48161 · Issue 311806
Pega0001 alert honors parameter page inclusion setting
Resolved in Pega Version 7.3.1
The setting was not being properly honored, causing sensitive information to be available in the ALERT logs. This has been revised so the system will honor the above setting and if it is set to false, the parameter page will be disabled in the alert lines.