Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

Platform Version

Capability

INC-162987 · Issue 641749

XSS protections updated for SOAP WSDL

Resolved in Pega Version 8.3.6

XSS protections have been updated for reading WSDL nodes.

SR-C85096 · Issue 423237

XSS check logic updated for pyPosition

Resolved in Pega Version 8.1.4

Additional logic has been added to prevent the injection of javascript into script tags while rendering Smart Tips.

SR-C85096 · Issue 423236

XSS check logic updated for pyPosition

Resolved in Pega Version 8.2.1

Additional logic has been added to prevent the injection of javascript into script tags while rendering Smart Tips.

SR-D28060 · Issue 498750

XSS filtering added to App Studio

Resolved in Pega Version 8.2.3

The pzDisplaySpaceFeedTitle control which is used to display the audit feed in Pega App Studio has been updated with XSS filtering.

SR-D26244 · Issue 501192

Label control XSS protection added

Resolved in Pega Version 8.2.3

XSS protection has been added to label control.

SR-118486 · Issue 175139

XSS filtering improved for Host and Gateway

Resolved in Pega Version 7.1.8

For security, XSS filtering has been improved on hostconfig.jsp and GatewayAdminUtils.java .

SR-118512 · Issue 175817

Improved error handling for iFrame XSS

Resolved in Pega Version Pega Platform, Resolved in Pega Version 7.1.7

When using cross-site scripting with iFrame, attempts to use auto-complete did not populate data and an 'Access Denied' error was raised when keywords were entered for searching. While the system cannot access or modify iFrame content from another domain, the javascript for the autocomplete function has been modified to correctly handle any exceptions thrown while accessing iFrame from a different domain.

SR-A14890 · Issue 230875

Tab title XSS decoding updated

Resolved in Pega Version 7.2.1

Tab titles were not correctly decoding the "(" and ")" characters in the caseID for display due to the XSS handling. This has been updated.

SR-A17065 · Issue 233138

Support added for custom XSS headers

Resolved in Pega Version 7.2.1

After upgrade, problems were found with setting XSS headers. To resolve this, the new Dynamic System Setting "http/responseHeaders" has been added to support custom HttpResponseHeaders.

SR-A93395 · Issue 264801

XSS vulnerability closed in DynamicSelect_variables

Resolved in Pega Version 7.2.2

A potential XSS vulnerability has been addressed in DynamicSelect_variables.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us