SR-A93038 · Issue 264675
Service REST requestor memory leak resolved
Resolved in Pega Version 7.2.2
The Asynchronous mode of executing Service REST acquired requestors from the pool while executing the queued jobs but did not return the requestors to the pool properly, causing a memory leak due to the requestors persisting in the system and not closing down. This has been fixed.
SR-A79631 · Issue 258414
XML generation switched to literal mode to handle encoding
Resolved in Pega Version 7.2.2
The encoded format of + was appearing in the outgoing XML stream due to the stream being generated with normal mode instead of literal. This has been changed.
SR-A79631 · Issue 257900
XML generation switched to literal mode to handle encoding
Resolved in Pega Version 7.2.2
The encoded format of + was appearing in the outgoing XML stream due to the stream being generated with normal mode instead of literal. This has been changed.
SR-A77003 · Issue 252758
GetFileAttachmentContent validates with Data-WorkAttachment- instead of File
Resolved in Pega Version 7.2.2
The SetEmailAttachments activity step 3 (java step) called a RUF pxGetFileAttachmentContent that always validated the pxObjClass with Data-WorkAttach-File. In order to support other classes of attachment, the validation process has been changed to Data-WorkAttachment- instead of File.
SR-A87728 · Issue 257771
Improved null namespace handling for WSDL import
Resolved in Pega Version 7.2.2
The SOAP Connector (Wizard) functionality in the Pega product was implemented and tested with the assumption that the WSDL document provided for consumption would contain a target namespace. Though not technically required, the great majority of WSDL documents meet this description. However, when using an imported WSDL that has no namespaces, the pxParseWSDL activity was passing a reported null namespace to some Axis2 activities that were not capable of safely consuming Definitions with null namespaces. This resulted in a "StringIndexOutOfBounds" error. To create more stability with the additional activities, WSDLParser has been updated to use QName objects themselves whenever possible and set the target namespace for the Definition to "" when it detects that it is null.
SR-A90147 · Issue 258936
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A91799 · Issue 259729
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92490 · Issue 259593
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92491 · Issue 259592
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.
SR-A92492 · Issue 259728
Apache Commons FileUpload updated for increased security
Resolved in Pega Version 7.2.2
The version of Apache Commons FileUpload included with Tomcat has been updated to remove the potential of remote attackers causing a denial of service attack through CPU consumption via a long boundary string.