Skip to main content

- Get Started with Community
  
  Tools and knowledge to help you succeed.
- Get Inspired
- Get Involved
- Roles
- Products
- Concepts
- What's New
- Browse Documentation
- Visit Pega Documentation
- Learn
  - My Training
    - My Dashboard
  - Find Training
- Certifications
  - Get Certified
  - Find Certifications
    - Verify a Certification
    - Find Pega Certified Professionals
- About
  - Learning
  - Programs
- Visit Pega Academy
- Get Support
- Support Resources
- Working with Support
- EXPERT INSIGHTS
  
  Master Pega products and capabilities with advice from our experts.
- Browse the Marketplace
- Get Involved
- Visit Pega Marketplace

- Pega.com
  
  Explore solutions, events, and customers
  
  PegaWorld iNspire
  
  Register for our flagship event
  
  Partners
  
  Discover program benefits and enablement resources
  
  Marketplace
  
  Extend Pega with components and apps
  
  My Pega
  
  Manage your organization's relationship with Pega
  
  Pega Community
  
  Drive success with centralized content and resources
  
  Documentation
  
  Find product guides and reference docs
  
  Academy
  
  Complete missions, earn badges, and stay current
  
  Pega Constellation Design System
  
  Browse library of UI/UX templates, patterns, and components
  
  Careers
  
  Pega Support

- Log in or sign up to set up user profile.
- Log in or sign up to set up personalized notifications.

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.
Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

Platform Version

Capability

Data Integration (2259)

User Experience (2096)

Low-Code App Development (1268)

Case Management (994)

Decision Management (945)

Reporting (848)

System Administration (800)

Conversational Channels (205)

Project Delivery (59)

Cloud Services (40)

Robotic Process Automation (2)

Search

(Clear filters)

SR-A16960 · Issue 233576

Predictive Analytics rulesets excluded from RSA

Resolved in Pega Version 7.2.1

The Pega-provided Predictive Analytics rulesets were being incorrectly being checked and flagged by the Rule Security Analyzer. The PAD rulesets have now been properly excluded from the RSA check, and further analysis was done to find and fix other RSA flags that should have been excluded.

SR-A19297 · Issue 237347

Added ability to set custom HTTP security headers

Resolved in Pega Version 7.2.1

XSS protections were interfering with the ability to set custom HTTP headers. To enable this, the system will use dynamic system settings from http/responseHeaders and add them to every HTTP response.

SR-A21378 · Issue 245075

Resolved Interaction Portal unexpected close

Resolved in Pega Version 7.2.1

In Google Chrome, launching a secondary portal and encountering a Content Security Policy issue relating to an image caused the secondary portal to automatically close and the developer portal to be refreshed. This was an issue with a mismatch in the pyrequestor token, and has been corrected.

SR-A22198 · Issue 244738

Empty access groups handling added for organizational instance

Resolved in Pega Version 7.2.1

If an unauthenticated access group was configured in the organizational instance, errors occurred because the organization instance access groups are only considered for session authorization once the user is authenticated. This will now be handled through a validate activity change in the Data-admin-organization to honor the emptiness of access groups

SR-A24508 · Issue 246983

Apache Struts updated for security

Resolved in Pega Version 7.2.1

Apache Struts has been updated to version 2.3.28 to protect against potential security vulnerabilities exposed when Dynamic Method Invocation is enabled, removing the ability for remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

SR-A87291 · Issue 255631

JDBC password encryption check logic updated

Resolved in Pega Version 7.2.2

When using a Database instance with a JDBC connection URL, the specified password is encrypted. An issue was occurring where multiple saves of the instance caused the encrypted password to be encrypted again, causing the agent to lose access to the DB due to an authentication failure. The problem was traced to a logic flaw in the method used to check whether the password was already encrypted, and has been fixed.

SR-A91802 · Issue 260001

Apache Struts JARS updated to improve security

Resolved in Pega Version 7.2.2

The Apache Struts JARs have been updated to resolve the following potential security vulnerabilities: The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

SR-A87698 · Issue 256038

SQL info stripped from user-view DB2 error codes

Resolved in Pega Version 7.2.2

A security audit showed that entering bogus values for pyActivity in a URL resulted in actual DB@ error codes provided to user in the exception response. In order to prevent any vulnerability, the message shown to the http client will mask SQLCodes.

SR-A87698 · Issue 260087

SQL info stripped from user-view DB2 error codes

Resolved in Pega Version 7.2.2

A security audit showed that entering bogus values for pyActivity in a URL resulted in actual DB@ error codes provided to user in the exception response. This was not an issue with Oracle. In order to prevent any vulnerability, the message shown to the http client will mask SQLCodes.

SR-A87992 · Issue 258338

OperatorID page handling corrected for authentication failures

Resolved in Pega Version 7.2.2

A valid authentication attempt with security policies and password lock-out feature enabled caused the 'OperatorID' to be present in all the threads, but when the user made an invalid attempt first and then a valid attempt, the 'OperatorID' page was visible only in 'STANDARD' thread and empty in other threads. This was an issue with the method used to update the failure count for authentication attempts, and has been corrected.

Previous Navigate to first page 1 … Navigate to page 36 Navigate to page 37 Navigate to page 38 Navigate to page 39 You are currently on page 40 Navigate to page 41 Navigate to page 42 Navigate to page 43 Navigate to page 44… Navigate to last page 48 Next

About Pegasystems

Pegasystems is the leader in cloud software for customer engagement and operational excellence. If you’ve driven a car, used a credit card, called a company for service, opened an account, flown on a plane, submitted a claim, or performed countless other everyday tasks, chances are you’ve interacted with Pega. For the past 30 years, our technology – CRM, digital process automation, robotics, AI, and more – has empowered the world’s leading companies to achieve breakthrough results.

Join the conversation

X (Twitter)
Facebook
Linkedin
Youtube

Company

About Pega
Office Locations
Careers
Contact Us

Pega Sites

Pega Community
Pega Academy
PegaWorld
Pega Blog
Product Design

Resources

Get Started with Pega
Documentation
Training
Support
Marketplace

Legal

Terms of Use
Support
Glossary
Privacy
Your Privacy Choices
Trademarks

©2024 Pegasystems Inc.

Open in new window

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

Join Now

Log in

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Google Chrome
Mozilla Firefox
Microsoft Edge

Close Deprecation Notice Close Deprecation Notice

Contact us