SR-A11696 · Issue 224612
Namespaces considered while constructing WSDL type maps
Resolved in Pega Version 7.2
Previous versions that had repeating complex elements used as references ended up with "type2" appended to those elements when the WSDL was generated after upgrade. This format was put in place to avoid namespace collisions when duplicate names are used for the same complex types in a schema with different targetnamespace. However, even though the WSDL was semantically correct, it caused backward compatibility when generating stubs out of WSDL and created the need to regenerate the stubs. To resolve this, changes have been made to XMLTreeViewUtils.addDocElementDeclaration() to consider namespaces while constructing the type definition map.
SR-A13436 · Issue 225301
Security update for Apache commons-collection
Resolved in Pega Version 7.2
The Apache commons-collections library has been updated to v3.2.2 to close a vulnerability that permitted code execution when deserializing objects involving a specially constructed chain of classes.
SR-A7804 · Issue 218676
Rest inbound call mapping updated to determine response type
Resolved in Pega Version 7.2
When Rest service was built in the Pega application and exposed to external applications (non-Pega), the JSON request payload was not mapped to the clipboard during the input data mapping if the setting "Content-Type: application/json; charset=utf-8" was used, but did work as expected when the client calling the service used "Content-Type: application/json" and did not set charset. This error was linked to a space character missing between the given Content-Type value and charset parameter, and has been updated to avoid this issue in the future by setting the extract content-type value and excluding the charset parameter value, then determining whether the response is of text type.
SR-A9518 · Issue 220076
Rule-Utility-Function updated to handle name mismatch between versions
Resolved in Pega Version 7.2
After creating a MapTo library and function activity that was called via a File Service, the Simulation results returned an error that the function rule could not be found. This was caused by changes made to the TestFunction activity: in earlier versions with one String as a parameter it was named "TestFunction" and passed to the library APIs which invoked this function via reflection, but more recent versions generate the library name as "TestFunction--(String)". The name mismatch fails with a "no such method" exception. To support backward compatibility, updates have been made to getMapToUtlityMethod().
SR-A12649 · Issue 226090
Improved recovery for HTMLtoPDF font issues
Resolved in Pega Version 7.2
When running under Linux/Unix, problems with setting up the fonts directory in the HTMLtoPDF API resulted in the StepStatusFail 'when' rule being TRUE and tracer always displaying a FAIL step even if the resultant PDF was created. This meant it was not possible to test whether the call to the activity was successful or not. This API has been updated for better recovery in this scenario.
SR-A13285 · Issue 226411
Corrected wait interval = 0 in JMS Listener
Resolved in Pega Version 7.2
As per documentation, setting JMS Listener to zero wait should indicate that the listener will not sleep and will actively pull messages. However, an error prevented zero from being accepted as a valid input for the timeout interval. This has been corrected.
SR-A10153 · Issue 221976
Constructor updated for invokeMQConnector
Resolved in Pega Version 7.2
If one session/requestor/thread had a problem with the MQQueueManager(qmNameRequest) method call, browsers were left in a blocked state and it was not possible to make any connect-mq calls until the problematic requestor had resolved. This has been resolved.
SR-A2361 · Issue 212842
XSS fix updated for IAC with CSRF tokens
Resolved in Pega Version 7.2
After updating to address a potential XSS security issue, some problems were found with using IAC with CSRF tokens in the pathinfo. Additional checks have been added to handle this scenario.
SR-A2361 · Issue 210192
XSS fix updated for IAC with CSRF tokens
Resolved in Pega Version 7.2
After updating to address a potential XSS security issue, some problems were found with using IAC with CSRF tokens in the pathinfo. Additional checks have been added to handle this scenario.
SR-A7513 · Issue 219783
Corrected timing of OnMessage firing on restart
Resolved in Pega Version 7.2
MDB Listeners that have been processing incoming messages successfully were becoming problematic when the JVM was restarted. At that time, PRJMSListener's onMessage() started to process JMS messages from the queue even when the PegaRULES engine had not successfully initialized, resulting in large numbers of repeating error messages in the log file. In order to resolve this, the PRJMSListener.java has been updated to check the node initialization in OnMessage() itself instead of invoke() of JMSListenerServant.