
Resolved Issues


Please update your bookmarks. This site will be discontinued in Dec 2024.

Pega Platform Resolved Issues for 8.1 and newer are now available on the Support Center.

SR-D31734 · Issue 515657

XSS protection added for parameter page properties

Resolved in Pega Version 8.4

An XSS vulnerability was seen with the Edge browser when the "run on visibility on client" check was enabled with dynamic layouts and some properties were accessed from the parameter page. Because the "run on visibility on client" check is not required in this scenario, it has been removed and the values will be accessed from the server instead.

SR-D21803 · Issue 502131

XSS protection added for embedded portal URI

Resolved in Pega Version 8.4

The URI used in the top window of embedded portals has been encoded to prevent DOM-based XSS.

SR-D38581 · Issue 504776

Removed unnecessary XSS filtering on paragraph rule

Resolved in Pega Version 8.4

When a link was set in a paragraph rule, the target option was removed in the returned layout structure. This was traced to unnecessary XSS filtering which has now been removed.

SR-D49527 · Issue 516297

XSS security added to CKEditor in Richtext Editor

Resolved in Pega Version 8.4

A scenario where HTML objects could be copied and pasted into CKEditor and the click action modified to perform different actions was traced to Pega event attributes present in the RTE content. This has been corrected by blacklisting Pega event attributes such as data-click.

SR-C96362 · Issue 433333

XSS filter added to API form handling

Resolved in Pega Version 8.1.4

An XSS filter has been added for properties that can be changed via API.

SR-C96362 · Issue 433332

XSS filter added to API form handling

Resolved in Pega Version 8.2.2

An XSS filter has been added for properties that can be changed via API.

SR-A6766 · Issue 215088

Corrected XSS filter handling of properties with parentheses

Resolved in Pega Version 7.2

While localizing any text using a field value to a property that contains parentheses, '(' and ')' were being encoded to ( and ) respectively. This was traced to the cross-site scripting filter being applied twice in the RUF pzGenerateLabelInclude, and has been corrected.

SR-A2361 · Issue 212842

XSS fix updated for IAC with CSRF tokens

Resolved in Pega Version 7.2

After updating to address a potential XSS security issue, some problems were found with using IAC with CSRF tokens in the pathinfo. Additional checks have been added to handle this scenario.

SR-A2361 · Issue 210192

XSS fix updated for IAC with CSRF tokens

Resolved in Pega Version 7.2

After updating to address a potential XSS security issue, some problems were found with using IAC with CSRF tokens in the pathinfo. Additional checks have been added to handle this scenario.

SR-A11563 · Issue 224698

XSS security added to data table edits

Resolved in Pega Version 7.2

When editing a data table and saving the record, the request could be intercepted and a vulnerable string added to the pageIndex parameter. XSS security has been added to this function.
