SR-A102969 · Issue 273954
XSS security update for error.jsp
Resolved in Pega Version 7.3
The error.jsp file has been updated for better XSS security with WebSphere and Firefox.
SR-A21111 · Issue 268559
Performance improvements for embedded page reference checks
Resolved in Pega Version 7.3
Significant performance differences were seen between opening custom rules in the developer portal and opening the same rules in an embedded page. This was traced to each embedded page in the stream checking to see if reference properties are present. To resolve this, DirectStream has been modified to cache the value of containsAnyReferenceProperties if it has already been checked so that it is not repeatedly checked when it is not necessary.
SR-A92512 · Issue 270130
WebLogic tool generation updated for complexType schema
Resolved in Pega Version 7.3
A red X error was seen for PRAsync MDB modules on the Resource Dependencies screen in the WebLogic console in deployments with WebLogic 11i or 12c. This was due to the EJB component (prbeans.jar) not being implemented to support complexType schema, and has been resolved by updating the Pega Platform WebLogic components to support complexType schema in the WebLogic tool generation.
SR-A96514 · Issue 275326
Updated encryption logic for URL obfuscation
Resolved in Pega Version 7.3
If URL obfuscation was enabled and the incoming URL contained non-ASCII (Unicode) characters, the encryption process failed because the padding logic formed a byte array of incorrect length. This logic error has been corrected.
SR-A97323 · Issue 266550
XSS filtering added to pzDisplayModalDialog
Resolved in Pega Version 7.3
XSS filtering has been added to the pzDisplayModalDialog to improve security.
SR-B10345 · Issue 281585
Command line jar import handling improved
Resolved in Pega Version 7.3
When installing Smart Dispute and related strategic applications, exceptions occurred when generating a DDL via prpcUtils (e.g. prpcUtils.bat generateDDL) if any of the files listed in schema.archive.input did not contain schema changes or did not have a delta. This has been resolved by updating the system to better handle files that do not require a DDL to be generated.
SR-B10697 · Issue 282917
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10697 · Issue 280753
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10947 · Issue 280020
pzSUS Param properly URLEncoded
Resolved in Pega Version 7.3
The Tomcat 8+ server was rejecting DWA URLs because they contained characters such as { and } that it considered unsafe. These characters were introduced by the pzSus key in the URL; its values are now encoded for the browser, which resolves the issue.
SR-B11243 · Issue 284444
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XSS handling has been added to the RedirectRun activity using the location parameter and ShowSelectedPortal to improve security.