Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

Platform Version

Capability

SR-D62949 · Issue 527502

XSS protection added

Resolved in Pega Version 8.4

The CrossScriptingFilter API has been applied to address a potential XSS issue related to stream rule parameters used in the request header.

SR-D67323 · Issue 529948

XSS filtering added for CreateMergedWordDoc

Resolved in Pega Version 8.4

XSS filtering has been added for the TemplateName parameter value in the CreateMergedWordDoc section.

SR-D48248 · Issue 517239

XSS filtering added to URLs

Resolved in Pega Version 8.4

XSS filtering has been added to prevent the injection of a script into a URL using ViewXML.

SR-D30215 · Issue 503684

XSS protection added to ClientDynamicData

Resolved in Pega Version 8.4

Cross-site scripting protection has been added to the "DesignViewIframe" & "pzHarnessID" parameters in the pzClientDynamicData HTML rule.

SR-D65917 · Issue 528109

XSS protection added to ClientDynamicData

Resolved in Pega Version 8.4

Cross-site scripting protection has been added to the "DesignViewIframe" & "pzHarnessID" parameters in the pzClientDynamicData HTML rule.

SR-C82530 · Issue 420608

Atmosphere XSS Vulnerability fixed

Resolved in Pega Version 8.2.1

Atmosphere has been updated to close a potential XSS vunerability.

SR-D14161 · Issue 490594

XSS protection added to decryptURLString

Resolved in Pega Version 8.2.3

In order to secure against Cross-Site Scripting attacks, decryptURLString will return a blank string instead of plain text if it is not given valid encrypted text.

SR-D24497 · Issue 496467

Removed duplicated XSS filtering

Resolved in Pega Version 8.2.3

Some specific special characters ( "(" , ")", "%" , "&" ) in Delegated View of Data Type rules are not displayed properly in Edit view. Investigation showed the parameter value was subject to multiple passes of cross-site filtering, and the unneeded XSS filters have been removed.

SR-C79696 · Issue 417542

Atmosphere XSS Vulnerability fixed

Resolved in Pega Version 8.1.3

Atmosphere has been updated to close a potential XSS vunerability.

SR-C82530 · Issue 420609

Atmosphere XSS Vulnerability fixed

Resolved in Pega Version 8.1.3

Atmosphere has been updated to close a potential XSS vunerability.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us