
Resolved Issues

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

SR-B56328 · Issue 312168

RARO rules more secure against deletion

Resolved in Pega Version 7.3.1

In order to make RARO rules more secure, the system has been updated such that Class Permissions can't be deleted from the role unless the operator has permission and is operating in a valid context (unlocked ruleset). This has been done by revising the Role rule form to disable the delete button when RARO/RADO is in a locked ruleset.

SR-B57046 · Issue 314358

Parameters removed from on-screen error messages to protect sensitive data

Resolved in Pega Version 7.3.1

It was discovered that sensitive information, such as account numbers used as parameters, was being shown on screen in exception error messages. Including the parameters as part of the error is intended to aid in debugging the problem, but these parameters do not need to be displayed in the UI. In order to protect potentially sensitive data, parameter values have been removed from the exception message. When the DeclarativePageDirectoryImpl logger is enabled, the parameters will be entered into the Pega log files and not shown on screen.

SR-B67143 · Issue 316168

Proxy configurations made available to OAuth2 and other clients

Resolved in Pega Version 7.3.1

Setting up a proxy for the REST Connector was not working when using OAuth2. When using OAuth2 authorization for Connector features including REST Connectors, the com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl class is used for connections to the OAuth2 Provider for interactions such as fetching authorization tokens. However, OAuth2ClientImpl did not have the required code for "picking up" the JVM-level proxy settings and applying them to the HTTP Client it uses, so the HTTP calls to the OAuth2 provider were always bypassing the configured HTTP proxy. In order to resolve this and enhance future use, the code in the RESTConnector module that allows REST Connectors to use HTTP Proxies has been extracted out into the "HTTPClientUtils" module so that it can be used by any consumer to apply the system's Proxy configuration to any instance of PegaRESTClient. OAuth2ClientImpl has been updated to call this during HTTP client setup, prior to making the request for data from OAuth2 Providers, and RESTConnector has been updated to call this new implementation to replace the universal Proxy code that was refactored out of it.

SR-B43400 · Issue 307258

Localization added for field value used in 'Enter a Short Description' validation message

Resolved in Pega Version 7.3.1

Localization was failing for the 'Enter a Short Description' validation message when using a Field Value due to the message rule containing spaces. To fix this, a new message rule has been created without spaces in the same ruleset so that it is available for override use in the ruleset.

SR-B66204 · Issue 316885

XSS sanitizing added to clientID field

Resolved in Pega Version 7.3.1

When a ServiceRequest is constructed in the engine, the clientID field will be sanitized with the StringUtils.crossScriptFiltering API to avoid XSS attacks.

SR-B75677 · Issue 326354

Password set removed from Lock and Roll tool

Resolved in Pega Version 7.3.1

The way the Lock and Roll tool set passwords was confusing and often caused a new application to be created with the wrong password, preventing updating the new rule or even requiring administrators to manually create the application rules. To resolve this, pzLPLockAndRollApplication has been changed to remove the setting of pySetPassword and pySetPasswordConfirmText so the values will be empty for the new version.

SR-B56648 · Issue 315674

Added security check when running out-of-the-box reports with ShowSelectorView

Resolved in Pega Version 7.3.1

A security issue was found where non-authorized users were able to access the out-of-the-box report details in their portal by manipulating the URL to pass a "short-cut" parameter that executed the Final "ShowSelectorView" activity. To avoid the need to set the explicit privileges manually, the ShowSelectorView activity will call a security check to prevent this.

SR-B45056 · Issue 328736

XSS filtering added to getClassOfPageReference

Resolved in Pega Version 7.4

XSS filtering has been added to the URL produced when using getClassOfPageReference.

SR-B45056 · Issue 330368

XSS filtering added to getClassOfPageReference

Resolved in Pega Version 7.4

XSS filtering has been added to the URL produced when using getClassOfPageReference.

SR-B74553 · Issue 326255

Refined accessgrouplist checks

Resolved in Pega Version 7.4

Following a system modification that changed the property used to populate the access groups list to match that on clipboard (correct value), a previously unseen issue was uncovered where all the division and organization AGs were being added to the list. This has been addressed by updating the code to add the applications on division and organization only when there is no default selected at the operator. If there is some application selected as default at the operator, then the division or organization applications will not be added. If there is nothing selected at operator, then a check for division will be made, and if there is nothing selected at division then organization will be checked.
