Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

Platform Version

Capability

Security 7.2.2 7.1.9
(Clear filters)

SR-A93024 · Issue 259995

Apache Struts JARS updated to improve security

Resolved in Pega Version 7.2.2

The Apache Struts JARs have been updated to resolve the following potential security vulnerabilities: The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

SR-A23603 · Issue 258204

ADP alert messages updated for security

Resolved in Pega Version 7.2.2

To improve security, ADP alert messages have been changed to include only data page name rather than the cache key used to identify the data page in the async service manager cache.

SR-A91743 · Issue 258673

Security update for pxInitials control

Resolved in Pega Version 7.2.2

XSS (Cross Scripting Filter) has been added for potentially exploitable parameters in the pxInitials control.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us