SR-A8207 · Issue 216601
RuleGenerator updated to handle same-name JSON fields
Resolved in Pega Version 7.2
Connect-Rest wizard was throwing a StackOverFlow error while creating elements. The issue occurred during data transform generation when there was a same name JSON field in the nested structure. Changes have been made to RuleGeneratorREST and RuleGeneratorCommon to handle this use case.
SR-A1345 · Issue 205768
Updated KeyManager to incorporate JVM authentication arguments for SOAP
Resolved in Pega Version 7.2
A change in the setting of secure protocol configuration (Advanced tab of Connect SOAP rule) from SSL to TLSversion 1.0 (default) was affecting two-way SSL connections to external systems that used custom implementations of KeyManager. To resolve this, com.pega.pegarules.integration.engine.internal.ssl.SSLUtils.getJREKeyManager() will consider keystores configured using standard JVM arguments: 1) javax.net.ssl.keyStoreType 2) javax.net.ssl.keyStore 3) javax.net.ssl.keyStoreProvider 4) javax.net.ssl.keyStorePassword
SR-A4515 · Issue 210886
Updated Outlook functions used by SendEmailMessage
Resolved in Pega Version 7.2
The SendEmailMessage function is used in conjunction with email clients to send a meeting invite from the PRPC application and have the accepted invitation and subsequent reminders appear on the recipient's calendar. This relies on key value pairs to define different functionalities at the client's end when the file is received. Integration with Outlook is a legacy feature of this function, but does receive some maintenance to maintain viability. To that end, the system has been updated to resolve issues with the calendar interface to Outlook concerning the trigger of meeting invite reminders at the client's end and to better handle the time zone conversion of that meeting. In addition, updates have been added to show the name of the meeting organizer instead of the email id, and the text used by the MeetingData.pyDescription function to set the meeting invite description will also be seen in the mail body.
SR-A3548 · Issue 210897
Updated Outlook functions used by SendEmailMessage
Resolved in Pega Version 7.2
The SendEmailMessage function is used in conjunction with email clients to send a meeting invite from the PRPC application and have the accepted invitation and subsequent reminders appear on the recipient's calendar. This relies on key value pairs to define different functionalities at the client's end when the file is received. Integration with Outlook is a legacy feature of this function, but does receive some maintenance to maintain viability. To that end, the system has been updated to resolve issues with the calendar interface to Outlook concerning the trigger of meeting invite reminders at the client's end and to better handle the time zone conversion of that meeting. In addition, updates have been added to show the name of the meeting organizer instead of the email id, and the text used by the MeetingData.pyDescription function to set the meeting invite description will also be seen in the mail body.
SR-A8788 · Issue 217912
Updated reference mapping to resolve JMS error
Resolved in Pega Version 7.2
If the Request Message Type was set to Map on the Service Tab, adding message data on the request tab to any connect-jms or service JMS rule failed to save and generated the error "Message Key value must be specified for map messages". Setting the same information on the Message Properties area worked as expected. This occurred due to improper mapping of the property references, and the mapping has been corrected.
SR-A2779 · Issue 213357
XMLSecurity library updated to ensure proper SAML STS token signature verification
Resolved in Pega Version 7.2
Classes of Repackaged version of XML Security library were conflicting with JDK/container and causing sporadic signature failures. The ApacheXMLDSig which gets registered as part of the initialization of WSS4j often conflicts with the providers with same name but loaded earlier during server startup. This has been resolved by modifying the XMLSecurity library to register the provider with a different/unique name that will not conflict with any of the standard registered providers.
SR-A589 · Issue 218042
CRLF payload protection enhanced
Resolved in Pega Version 7.2
In some cases, CRLF characters in thread names were not being caught in thread name protection, causing a 303 response and allowing the CRLF characters to be executed in the response back to the browser. To ensure expected behavior, the Location header value will have CR, LF and . removed when PRPC is preparing the HTTP redirect (303) response.
SR-A10706 · Issue 220688
CRLF payload protection enhanced
Resolved in Pega Version 7.2
In some cases, CRLF characters in thread names were not being caught in thread name protection, causing a 303 response and allowing the CRLF characters to be executed in the response back to the browser. To ensure expected behavior, the Location header value will have CR, LF and . removed when PRPC is preparing the HTTP redirect (303) response.
SR-A12347 · Issue 212822
Added check for BIX extract that will exceed filesize name limit
Resolved in Pega Version 7.2
Running a BIX extract with the -i option failed with the error "Error while creating the csv file: The file name entered exceeds the maximum size allowed (255 characters)". This happened in environments where the codehit the OS limit on the filepath name. This can be avoided by ensuring the File Specification tab of the Extract Rule contains a directory path shorter than 255 characters and by taking care not to have another Extract Rule with the same name in a Branch or a higher ruleset version with file specification path longer than 255 characters. To assist this, a check has been added.
SR-A7275 · Issue 216805
Added non-ASCII character handling to MSOGenerateExcelFile activity
Resolved in Pega Version 7.2
When the name of the file to be downloaded contained Japanese characters, the resulting file name displayed spaces in place of the Japanese characters. This was due to the characters in the file name not being encoded using the same character set which would then be used by the browser to decode the file name. To resolve this, the name of the file to be downloaded is now set as part of the Content-Disposition response header and will support non-ASCII characters