Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Ramsurendar Govindarajan (Surendar)
Coforge

Coforge
IN
Surendar Member since 2016 10 posts
Coforge
Posted: Nov 21, 2022
Last activity: Nov 23, 2022
Posted: 21 Nov 2022 8:31 EST
Last activity: 23 Nov 2022 3:02 EST
Closed
Solved

Hotfix regarding security vulnerability

We have used few hotfixes(HFIX-63334, HFIX-81561 & HFIX-81350) for security vulnerability in Pega product version 8.1.1. 

Also we have learnt that in later releases these hot fixes were fixed.

HFIX-63334  fixed in 8.1.9

HFIX-81561 fixed in 8.5.6

HFIX-81350 fixed in  8.3

 

Now we have a question whether the same hotfix can be used for another application, which is in PEGA version 8.1.4. Do we have to perform any compatibility check before we use them in V8.1.4?

 

TIA,

Ram

 

 

***Edited by Moderator: Pooja Gadige to add capability tag***
To see attachments, please log in.
Pega Platform 8.1.4
Updates
Financial Services

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 22 Nov 2022 8:31 EST
Updated: 23 Nov 2022 0:18 EST
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@Surendar  Pega releases patches updates for minor releases for 18 months following general availability.  8.1 GA was Sept 30, 2018 (see dates listed on the Platform Support Guide under 'Operating Systems' section) therefore 8.1.9 was the last patch and no further hotfixes are issued. 

Therefore to answer your question the recommendation is to migrate to 8.7 or 8.8 where all the security vulnerabilities are fixed.   8.5.6 was the last patch and 8.5 is already in extended support, and 8.6 is following closely.

See full schedule here.

To see attachments, please log in.
Posted: 2 years ago
Posted: 21 Nov 2022 9:53 EST
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@Surendar  if the hotfix was built for 8.1.1 then you should not be installing those hotfixes on Pega 8.1.4.  You would need to update to the listed patch version where the original bug was fixed. 

Note that Pega 8.1.4 has entered Extended Support.

Please see the Pega software maintenance program  

To see attachments, please log in.
Posted: 2 years ago
Posted: 22 Nov 2022 6:14 EST
Ramsurendar Govindarajan (Surendar)
Coforge

Coforge
IN

@MarijeSchillern Thanks for the details.

Now that PEGA 8.1.4 is in extended support till June 30, 2023, can I request for the equivalent Hfix in version 8.1.4 for these three security vulnerability remediation.

Should we have to update highest patch 8.1.9 to raise this request or we have to strictly migrate to 8.5.6 where all the security vulnerabilities are fixed. Please advise

Thanks

Ram

To see attachments, please log in.

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 22 Nov 2022 8:31 EST
Updated: 23 Nov 2022 0:18 EST
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@Surendar  Pega releases patches updates for minor releases for 18 months following general availability.  8.1 GA was Sept 30, 2018 (see dates listed on the Platform Support Guide under 'Operating Systems' section) therefore 8.1.9 was the last patch and no further hotfixes are issued. 

Therefore to answer your question the recommendation is to migrate to 8.7 or 8.8 where all the security vulnerabilities are fixed.   8.5.6 was the last patch and 8.5 is already in extended support, and 8.6 is following closely.

See full schedule here.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice