Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Download resolved issues

Go to download resolved issues by patch release.

See Platform Release Notes

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

Platform Version

Capability

SR-A102969 · Issue 273954

XSS security update for error.jsp

Resolved in Pega Version 7.3

The error.jsp file has been updated for better XSS security with WebSphere and Firefox.

SR-B11243 · Issue 284444

XSS handling added for ShowSelectedPortal in RedirectRun

Resolved in Pega Version 7.3

XCC handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.

SR-B11243 · Issue 288261

XSS handling added for ShowSelectedPortal in RedirectRun

Resolved in Pega Version 7.3

XSS handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.

SR-B17270 · Issue 288020

XSS filtering added to Autocomplete highlighting

Resolved in Pega Version 7.3

XSS filtering has been added to Autocomplete highlighting for better security.

SR-B6669 · Issue 279329

XSS filters added to UI rulesets

Resolved in Pega Version 7.3

XSS filters have been added to pyCaseActionArea and pyAssignmentsLabel in Pega-EndUserUI and UIKit rulesets.

SR-B49305 · Issue 307379

XSS filtering added to Chart Title

Resolved in Pega Version 7.3.1

XSS security filtering has been added to the Chart Title in the Chart Editor.

SR-B52024 · Issue 308435

XSS filtering added to Chart Title

Resolved in Pega Version 7.3.1

XSS security filtering has been added to the Chart Title in the Chart Editor.

SR-B66204 · Issue 316885

XSS sanitizing added to clientID field

Resolved in Pega Version 7.3.1

During the time of construction of a ServiceRequest in the engine , the clientID field will be sanitized with the StringUtils.crossScriptFiltering API to avoid XSS attacks.

SR-C47022 · Issue 388398

XSS protection added to TopHarness query string

Resolved in Pega Version 8.1

When the topHarness query string parameter was provided with a request to Pega, its contents were written to the HTML stream without HTML-encoding the content, creating a Cross-Site Scripting vulnerability. To improve security, the “topHarness” value will be encoded using com.pega.pegarules.pub.util.StringUtils.crossScriptingFilter API in pzClientDynamicData.

SR-C9139 · Issue 352594

XSS filtering added to searched filter values

Resolved in Pega Version 8.1

ListViewHeader has been updated to apply XSS filtering to searched filter values.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us