SR-A92490 · Issue 259593
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92491 · Issue 259592
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92492 · Issue 259728
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A102503 · Issue 271030
Restriction facet set corrected for max and minExclusive
Resolved in Pega Version 7.2.2
Using a service where WSDL defined a single method and used a datatype definition from an XSD import generated the error "Unsupported XML 1.0 Restriction "minExclusive" minExclusive restriction is not recognized". This error occurred because minExclusive was not added to recognized facet names but maxExclusive is added twice. To fix this, the duplicate occurrence of maxExclusive was removed and minExclusive was added to the recognized restriction facet set in XSDConstants.
SR-A79678 · Issue 254551
Rule-Parse forms in SI converted to harness based
Resolved in Pega Version 7.2.2
When opening an instance of the class Rule-Parse-Infer or Rule-Parse-Transform in the Smart Investigate for Payments application, the data was not rendered in the form but instead displayed as an XML page. This was due to rule forms being form-based, and an enhancement has been added to convert them to harness-based. In addition, the rule types Rule-Parse-Infer and Rule-Parse-Transform are no longer marked as deprecated so they may be fully utilized with the Pega SI Framework 7.11 and Pega engine releases going forward.
SR-A76262 · Issue 256275
Logic updated for parse SOAP to better handle similar element names
Resolved in Pega Version 7.2.2
When the path to an XML node included at least one repeating element and some other element in the path had a name which ended with the name of the repeating node, the data placed in properties by Rule-Parse-XML was potentially inaccurate. The end result is that the data that is recorded in Pega as coming from the N-th occurrence in a repeating element set might contain some data that actually comes from the 0-th occurrence or some other occurrence that is not N. To make the results accurate and consistent, the system has been updated to remove all simple text searches so the replacement of generic node names with indexed node names happens to the correct nodes, regardless of similarities between names in the path.
SR-A91639 · Issue 260691
eForm PDF displays Japanese characters
Resolved in Pega Version 7.2.2
When trying to generate a PDF document using eForm PDF, Japanese characters were not displaying in the corresponding mapping field. This has been fixed by adding input parameters to get font details in the GenerateEForm activity and embed the font information in the PDF itself.
SR-A91639 · Issue 260831
eForm PDF displays Japanese characters
Resolved in Pega Version 7.2.2
When trying to generate a PDF document using eForm PDF, Japanese characters were not displaying in the corresponding mapping field. This has been fixed by adding input parameters to get font details in the GenerateEForm activity and embed the font information in the PDF itself.
SR-A67007 · Issue 255075
Catch improved to close Message Explorer connections
Resolved in Pega Version 7.2.2
When using the Message Explorer functionality provided on the JMS Connect rule form, it only allows a number invocations equal to the size of the connection pool. Due to an issue with releasing the connections when using Resource Reference mode or IIOP protocol, the pool was being exceeded and the error "Couldn't create connection object" appeared. This has been fixed by changing the conditional catch for closing the connection with a more effective try catch.
SR-A92057 · Issue 259453
OneTimeUse cache file generation disabled for SAML2
Resolved in Pega Version 7.2.2
Whenever SAML2 Token contained a "OneTimeUse" caching condition there were thousands of unwanted files generated. This caching has been disabled in the assertion validation code of SAMLv2ResponseProtocolValidator.java, so even if SAML2 token contains that OneTimeUse condition these files will not be generated.