Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

Platform Version

Capability

Security Mobile Conversational Channels
(Clear filters)

SR-A87992 · Issue 258338

OperatorID page handling corrected for authentication failures

Resolved in Pega Version 7.2.2

A valid authentication attempt with security policies and password lock-out feature enabled caused the 'OperatorID' to be present in all the threads, but when the user made an invalid attempt first and then a valid attempt, the 'OperatorID' page was visible only in 'STANDARD' thread and empty in other threads. This was an issue with the method used to update the failure count for authentication attempts, and has been corrected.

SR-A90144 · Issue 259472

Apache Struts JARS updated to improve security

Resolved in Pega Version 7.2.2

The Apache Struts JARs have been updated to resolve the following potential security vulnerabilities: The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

SR-A93015 · Issue 260000

Apache Struts JARS updated to improve security

Resolved in Pega Version 7.2.2

The Apache Struts JARs have been updated to resolve the following potential security vulnerabilities: The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

SR-A93024 · Issue 259995

Apache Struts JARS updated to improve security

Resolved in Pega Version 7.2.2

The Apache Struts JARs have been updated to resolve the following potential security vulnerabilities: The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

SR-A23603 · Issue 258204

ADP alert messages updated for security

Resolved in Pega Version 7.2.2

To improve security, ADP alert messages have been changed to include only data page name rather than the cache key used to identify the data page in the async service manager cache.

SR-A89212 · Issue 257059

WKWebview updated

Resolved in Pega Version 7.2.2

A partially successful workaround was inserted into the previous version to fix an issue with Apple's WKWebview where an iframe on a case screen was preventing the native Sidebar from working. However, some JavaScript confirm functions with property type Data continued to generate occasional errors. WKWebview has now been updated to resolve the issues, the workaround has been removed, and all confirm functions should be working as expected.

SR-A89212 · Issue 257378

WKWebview updated

Resolved in Pega Version 7.2.2

A partially successful workaround was inserted into the previous version to fix an issue with Apple's WKWebview where an iframe on a case screen was preventing the native Sidebar from working. However, some JavaScript confirm functions with property type Data continued to generate occasional errors. WKWebview has now been updated to resolve the issues, the workaround has been removed, and all confirm functions should be working as expected.

SR-A90165 · Issue 258244

WKWebview updated

Resolved in Pega Version 7.2.2

A partially successful workaround was inserted into the previous version to fix an issue with Apple's WKWebview where an iframe on a case screen was preventing the native Sidebar from working. However, some JavaScript confirm functions with property type Data continued to generate occasional errors. WKWebview has now been updated to resolve the issues, the workaround has been removed, and all confirm functions should be working as expected.

SR-A80668 · Issue 256820

DateTime Accessibility improved for iOS

Resolved in Pega Version 7.2.2

Accessibility has been improved for the DateTime control in iOS, allowing Input, Calendar image, Show Previous Month, Show Previous Year, Show Next Month, and Show Next Year buttons to be read out correctly.

SR-A93531 · Issue 266554

Corrected mobile login issues after sync

Resolved in Pega Version 7.2.2

After forcing a full sync, users already logged into the app (i.e. packaged data is present in client) observed login issues thereafter while new users did not. This has been corrected by updating the logic in the pzpega_ui_doc_HCLoadManager getOfflineStorageCount API call.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us