SR-125113 · Issue 216785
Localized labels displaying in Safari
Resolved in Pega Version 7.2
Localized headers were not displaying properly on Safari browsers if the Fat List mode was used for the grid headers. Rendering worked as expected using Field Value mode. This was an issue with localized labels not rendering properly when the width of the Safari browser is reduced, and has been fixed. In addition, an issue with the header values being added dynamically instead of using constant values for a mobile browser grid using responsive mode has also been fixed.
SR-A12775 · Issue 236646
ChangePassword screen now allows custom messages
Resolved in Pega Version 7.2.1
The pzChangePassword activity has been enhanced to allow customizing the change password screen.
SR-A14879 · Issue 232530
Improved security for JSON stack
Resolved in Pega Version 7.2.1
To increase security, the response to invalid JSON input will display a generic InvalidStream message rather than the full class name and method name. The complete information will be available in the log.
SR-A15922 · Issue 231258
Support added for cleartext passwords in Snapstart
Resolved in Pega Version 7.2.1
When credentials are posted from an external source, the code assumes that the Password value is encoded and therefore decodes it before handing it to the authentication activity in Pega. This is not always the case. If the Password value is passed as cleartext, the result in the activity is garbled, which creates problems when subsequent authentication to an external source is attempted. To support this handling, a new DASS 'authentication/Snapstart/pwddecode' has been added. When the setting is false, the password is not decoded in Snapstart cases, so the password must be supplied in cleartext.
SR-A16543 · Issue 235300
Resolved Interaction Portal unexpected close
Resolved in Pega Version 7.2.1
In Google Chrome, launching a secondary portal and encountering a Content Security Policy issue relating to an image caused the secondary portal to automatically close and the developer portal to be refreshed. This was an issue with a mismatch in the pyrequestor token, and has been corrected.
SR-A16960 · Issue 233576
Predictive Analytics rulesets excluded from RSA
Resolved in Pega Version 7.2.1
The Pega-provided Predictive Analytics rulesets were incorrectly being checked and flagged by the Rule Security Analyzer. The PAD rulesets have now been properly excluded from the RSA check, and further analysis was done to find and fix other RSA flags that should have been excluded.
SR-A18905 · Issue 233955
OrgName error resolved for MobileOffline:Obj-Open-By-Handle
Resolved in Pega Version 7.2.1
If Obj-Open-By-Handle was configured on the Org Name link in MobileOffline for the master details of a Contact Work Object, clicking on the link generated an "Empty Work Item Handle" error despite the OrganizationID(Handle) being present on the data page. This was an error in the actions array for the "runScript" API, and has been fixed.
SR-A19297 · Issue 237347
Added ability to set custom HTTP security headers
Resolved in Pega Version 7.2.1
XSS protections were interfering with the ability to set custom HTTP headers. To allow custom headers, the system will use dynamic system settings from http/responseHeaders and add them to every HTTP response.
SR-A21298 · Issue 239141
NPE on mobile list open resolved
Resolved in Pega Version 7.2.1
A null pointer exception was being generated on mobile devices when opening list items. A null check has been added to pega_ui_modaldialog to resolve this exception.
SR-A21378 · Issue 245075
Resolved Interaction Portal unexpected close
Resolved in Pega Version 7.2.1
In Google Chrome, launching a secondary portal and encountering a Content Security Policy issue relating to an image caused the secondary portal to automatically close and the developer portal to be refreshed. This was an issue with a mismatch in the pyrequestor token, and has been corrected.