Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

Platform Version

Capability

Security Project Delivery Conversational Channels
(Clear filters)

SR-B10697 · Issue 280753

XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader

Resolved in Pega Version 7.3

Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.

SR-B10947 · Issue 280020

pzSUS Param properly URLEncoded

Resolved in Pega Version 7.3

The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.

SR-B11243 · Issue 284444

XSS handling added for ShowSelectedPortal in RedirectRun

Resolved in Pega Version 7.3

XCC handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.

SR-B11243 · Issue 288261

XSS handling added for ShowSelectedPortal in RedirectRun

Resolved in Pega Version 7.3

XSS handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.

SR-B14331 · Issue 287641

pzSUS Param properly URLEncoded

Resolved in Pega Version 7.3

The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.

SR-B14745 · Issue 285506

pzSUS Param properly URLEncoded

Resolved in Pega Version 7.3

The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.

SR-B17270 · Issue 288020

XSS filtering added to Autocomplete highlighting

Resolved in Pega Version 7.3

XSS filtering has been added to Autocomplete highlighting for better security.

SR-B30747 · Issue 297009

XSS filtering added to report browser CategoryDescription

Resolved in Pega Version 7.3

The list of categories on the right in the report browser allowed some HTML tags to be applied when added to the label. XSS filters have been applied to the CategoryDescription labels to improve security.

SR-B33262 · Issue 289812

IACAuthentication security improved

Resolved in Pega Version 7.3

The IACAuthentication activity assumed third party authentication and did not check for a password. In order to improve security, default password validation has been added to the shipped IACAuthentication activity.

SR-B37039 · Issue 293524

Security upgrade for Struts2

Resolved in Pega Version 7.3

To improve security, Apache Struts2 has been upgraded to version 2.3.32 .

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us