SR-A8445 · Issue 220085
Ensured display of empty user worklist section in hybrid client
Resolved in Pega Version 7.2
The user worklist section was not being displayed in the hybrid client if the login had no assignments (the WL(D_pyUserWorkList pxresultcount is zero) and the crewleaderworklist harness had a repeating dynamic layout. This has been corrected.
SR-A8217 · Issue 223611
Added server retry for push notifications in Sales Automation 7.14 / SFADevelopment for Android
Resolved in Pega Version 7.2
Push Notifications were not working on Sales Automation 7.14 / SFADevelopment for Android. This was traced to an error returned by the GCM server during registration, and the code has been modified to re-try the registration process if a failure is encountered.
SR-A12537 · Issue 224733
Optimistic locking honors OfflineEnabled function
Resolved in Pega Version 7.2
After upgrade, if a top level case type rule was checked out through the Case Explorer by opening the Case Designer and then changing the locking mode to Optimistic, the value reset back to Default after check-in. This was an issue with the pyOfflineEnabled setting being honored, and has been corrected.
SR-A9893 · Issue 220141
Checkbox values retained in Hybrid client on iOS
Resolved in Pega Version 7.2
Checkbox property values were not retained in Hybrid client on iOS inside a repeating dynamic layout, displaying the checkboxes as unchecked even when the property associated with the checkbox had value = true. This was not an issue when running the application on a desktop or in a regular mobile browser. This was traced to the ID attribute value of all the checkboxes being rendered as the same in this circumstance, and the system has been updated to generate unique ID attributes if bOptimized is true in the pzGenerateCheckbox RUF.
SR-125113 · Issue 193442
Localized labels displaying in Safari
Resolved in Pega Version 7.2
Localized headers were not displaying properly on Safari browsers if the Fat List mode was used for the grid headers. Rendering worked as expected using Field Value mode. This was an issue with localized labels not rendering properly when the width of the Safari browser is reduced, and has been fixed. In addition, an issue with the header values being added dynamically instead of using constant values for a mobile browser grid using responsive mode has also been fixed.
SR-125113 · Issue 216785
Localized labels displaying in Safari
Resolved in Pega Version 7.2
Localized headers were not displaying properly on Safari browsers if the Fat List mode was used for the grid headers. Rendering worked as expected using Field Value mode. This was an issue with localized labels not rendering properly when the width of the Safari browser is reduced, and has been fixed. In addition, an issue with the header values being added dynamically instead of using constant values for a mobile browser grid using responsive mode has also been fixed.
SR-A87291 · Issue 255631
JDBC password encryption check logic updated
Resolved in Pega Version 7.2.2
When using a Database instance with a JDBC connection URL, the specified password is encrypted. An issue was occurring where multiple saves of the instance caused the encrypted password to be encrypted again, causing the agent to lose access to the DB due to an authentication failure. The problem was traced to a logic flaw in the method used to check whether the password was already encrypted, and has been fixed.
SR-A91802 · Issue 260001
Apache Struts JARS updated to improve security
Resolved in Pega Version 7.2.2
The Apache Struts JARs have been updated to resolve the following potential security vulnerabilities: The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
SR-A76763 · Issue 252485
Ensured Dirty pop up appears for mobile log off
Resolved in Pega Version 7.2.2
While closing a dirty form on a mobile device, the warning popup was not shown while logging off. A check has been added to control_actions so logging out will return 'if dirty' to resolve this.
SR-A87698 · Issue 256038
SQL info stripped from user-view DB2 error codes
Resolved in Pega Version 7.2.2
A security audit showed that entering bogus values for pyActivity in a URL resulted in actual DB@ error codes provided to user in the exception response. In order to prevent any vulnerability, the message shown to the http client will mask SQLCodes.