Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

SR-D23239 · Issue 499591

Support added for multi-operator SAML logins

Resolved in Pega Version 8.4

When a SAML user logged in by Single Sign-On (SAML), the system processed the login to portal as a different operator if there was a function on the Attribute field under Operator identification in the SAML authentication service. In this scenario, using an expression for operator provisioning did not work because all SAML login sessions resolved to same first operator due to parseAndEvaluateExpression() in ExpressionHelper.java ignoring new expression arguments if the expression page already existed. To support the use of multiple operator logins in this format, the system has been updated to clone a new expression page for every session and update it with the correct expression arguments.

SR-D31734 · Issue 515657

XSS protection added for parameter page properties

Resolved in Pega Version 8.4

An XSS vulnerability was seen with the Edge browser when run on visibility on client check was enabled with dynamic layouts and some properties were accessed from parameter page. Because run on visibility on client check is not required in this scenario, is has been removed and the values will be accessed from the server instead.

SR-D47685 · Issue 514647

Cookie logging restored

Resolved in Pega Version 8.4

As part of security updates, Cookies were restricted from being logged. However, this caused some business use cases such as a custom function call to obtain the list of cookies that are present in the application to stop working. To resolve this, the cookie logging restriction has been reverted.

SR-A102969 · Issue 273954

XSS security update for error.jsp

Resolved in Pega Version 7.3

The error.jsp file has been updated for better XSS security with WebSphere and Firefox.

SR-A96514 · Issue 275326

Updated encryption logic for URL obfuscation

Resolved in Pega Version 7.3

If URL obfuscation was enabled and the incoming URL had non-ASCII characters (or UNICODE) characters in it, the encryption process was failing due to the incorrect length of byte array formation in padding logic. This logic error has been corrected.

SR-A97323 · Issue 266550

XSS filtering added to pzDisplayModalDialog

Resolved in Pega Version 7.3

XSS filtering has been added to the pzDisplayModalDialog to improve security.

SR-B10697 · Issue 282917

XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader

Resolved in Pega Version 7.3

Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.

SR-B10697 · Issue 280753

XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader

Resolved in Pega Version 7.3

Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.

SR-B10947 · Issue 280020

pzSUS Param properly URLEncoded

Resolved in Pega Version 7.3

The Tomcat 8+ server was rejecting DWA URLs due to characters such as {,} that it considered to be unsafe. These characters were introduced by pzSus key in the URL, and these values will now be encoded for the browser to resolve these issues.

SR-B11243 · Issue 284444

XSS handling added for ShowSelectedPortal in RedirectRun

Resolved in Pega Version 7.3

XCC handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us