SR-B38317 · Issue 295056
Password expiry logic updated to use start of day
Resolved in Pega Version 7.3
Previously, the password expiry logic was based on a tight format of number of days + timeStamp. As a result, the user was not prompted for a password reset at login; instead, the password expired at the exact timestamp of the previous change, even when that fell in the middle of work, and the user was thrown out of the session. To avoid this behavior, the password expiry logic is now based on the number of days, with the timeStamp defaulted to the start of day (00.00), taking the locale into account and computing the difference in number of days.
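The difference between the two rules, as an added Python sketch (not Pega's code). The function names, the 90-day policy, the `>=` comparison and the fixed UTC-5 offset standing in for the user's locale are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def is_expired_timestamp(changed_at, max_age_days, now):
    """Old rule: expiry is the exact instant of the last change plus N days."""
    return now >= changed_at + timedelta(days=max_age_days)

def days_since_change(changed_at, now, user_tz):
    """New rule: truncate both instants to start of day in the user's zone,
    then take the difference in calendar days."""
    changed_day = changed_at.astimezone(user_tz).date()
    today = now.astimezone(user_tz).date()
    return (today - changed_day).days

def is_expired_start_of_day(changed_at, max_age_days, now, user_tz):
    return days_since_change(changed_at, now, user_tz) >= max_age_days

# Constructed sample data: a fixed offset is used so the example runs without
# a tz database; a real deployment would use the operator's zone, DST included.
USER_TZ = timezone(timedelta(hours=-5))
MAX_AGE_DAYS = 90
CHANGED_AT = datetime(2017, 3, 1, 14, 30, tzinfo=USER_TZ)

def compare(now, tz=USER_TZ):
    """Return (old_rule_expired, new_rule_expired) for one instant."""
    return (is_expired_timestamp(CHANGED_AT, MAX_AGE_DAYS, now),
            is_expired_start_of_day(CHANGED_AT, MAX_AGE_DAYS, now, tz))

if __name__ == "__main__":
    morning_login = datetime(2017, 5, 30, 8, 55, tzinfo=USER_TZ)
    mid_session = datetime(2017, 5, 30, 14, 30, tzinfo=USER_TZ)
    night_before = datetime(2017, 5, 29, 22, 0, tzinfo=USER_TZ)
    # Old rule lets the morning login through and cuts the session at 14:30;
    # new rule already demands a reset at the morning login.
    print("morning login:", compare(morning_login))
    print("mid session:  ", compare(mid_session))
    # Same instant, two zones: still day 89 locally, already day 90 in UTC.
    print("22:00 local:  ", compare(night_before))
    print("same, as UTC: ", compare(night_before, timezone.utc))
```

The last two lines show why the day boundary has to be computed in the user's zone: evaluating it in server time or UTC moves the prompt to a different calendar day.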
SR-B38330 · Issue 297411
Added code to ensure cursor closes on null-pointer exception
Resolved in Pega Version 7.3
Open cursor issues were occurring with the out-of-the-box queries.SPPR_SYS_RESERVEQUEUEITEM_B stored procedure when an exception was raised. Code has been added to ensure the cursor is closed in this situation.
SR-B38339 · Issue 302549
Commented out unnecessary external link from jsonscript.js
Resolved in Pega Version 7.3
During a vulnerability scan, it was noted that jsonscript.js contained a link to an external site. This was a link to a library in the public domain that is not necessary for the script to function, and it has been commented out.
SR-B38472 · Issue 296794
Repaired Connect SOAP with MTOM enabled
Resolved in Pega Version 7.3
After upgrading, Connect SOAP request messages were failing on the back-end server with the error "xop 3.2.2.a: xop:Include must be the sole child of element". This was caused by the base64binary content not being substituted correctly with the expected "XOP Include" element, and has been fixed.
SR-B38472 · Issue 299159
Repaired Connect SOAP with MTOM enabled
Resolved in Pega Version 7.3
After upgrading, Connect SOAP request messages were failing on the back-end server with the error "xop 3.2.2.a: xop:Include must be the sole child of element". This was caused by the base64binary content not being substituted correctly with the expected "XOP Include" element, and has been fixed.
SR-B38472 · Issue 295746
Repaired Connect SOAP with MTOM enabled
Resolved in Pega Version 7.3
After upgrading, Connect SOAP request messages were failing on the back-end server with the error "xop 3.2.2.a: xop:Include must be the sole child of element". This was caused by the base64binary content not being substituted correctly with the expected "XOP Include" element, and has been fixed.
SR-B38578 · Issue 295917
Fixed null-pointer exception in external DB extract
Resolved in Pega Version 7.3
When using a class which maps to a table in an external database, running an extract caused a database permission error when trying to access the pr_log table in the PegaRULES database. This exception was caught and logged but then processing continued, resulting in a NullPointerException being thrown. To correct this, the sequence number generator has been modified to use the pr_log table instead of the class on which extract is defined.
SR-B38578 · Issue 272419
Fixed null-pointer exception in external DB extract
Resolved in Pega Version 7.3
When using a class which maps to a table in an external database, running an extract caused a database permission error when trying to access the pr_log table in the PegaRULES database. This exception was caught and logged but then processing continued, resulting in a NullPointerException being thrown. To correct this, the sequence number generator has been modified to use the pr_log table instead of the class on which extract is defined.
SR-B38602 · Issue 296751
Login error message modified for increased security
Resolved in Pega Version 7.3
When an operator was configured to use external authentication and then attempted to log in through other servlets, the error message included the operator ID. This could be used maliciously to discover valid IDs on the system, so to improve security, the process has been modified to remove the ID from the failure message. If authentication fails, the message "The information you entered was not recognized." is displayed, and the system logs an error in the PegaRULES log file with the actual message "Error authenticating , : This user must use external authentication."
SR-B38602 · Issue 297290
Login error message modified for increased security
Resolved in Pega Version 7.3
When an operator was configured to use external authentication and then attempted to log in through other servlets, the error message included the operator ID. This could be used maliciously to discover valid IDs on the system, so to improve security, the process has been modified to remove the ID from the failure message. If authentication fails, the message "The information you entered was not recognized." is displayed, and the system logs an error in the PegaRULES log file with the actual message "Error authenticating , : This user must use external authentication."