Question
ING
NL
Last activity: 18 May 2023 6:20 EDT
Pega hazel cast hotfix ID for 8.4.3
Can someone share to me the hazelcast hotfix id for version 8.4.3?
Updated: 15 May 2023 7:57 EDT
Pegasystems Inc.
GB
@LichaelJohnH16633389 please clarify what Hazelcast issue you are experiencing.
We do not issue Hotfixes in the version you have listed. See Patch process for Pega Infinity 8.3 and later and Pega Platform Patch Releases Resolved Issues Download
If you want to check for known issues, you can always check our Resolved Issues documentation.
For any announcements, please check Review Security Advisories.
Updated: 17 May 2023 3:42 EDT
ING
NL
@MarijeSchillern Hi, Thanks for your reply, We are currently having this hazelcast issue
Accepted Solution
Updated: 18 May 2023 6:20 EDT
Pegasystems Inc.
GB
Hello
CVE-2022-36437 on the data source description.
See forum question Hazelcast CVE-2022-36437 ?
I have checked to see in which 8.4 patch we updated the embedded versions where we are using 3.12.10, 4.2.4 & 5.1.1 versions with 3.12.13, 4.1.10 & 5.1.5.
As per the Pega Infinity Patch Calendar Final 8.4.6 patch delivered Nov 2021.
Therefore you will have to update to the latest release in order to use the updated Hazelcast versions.
I have checked the original CVE announcement that was sent to our clients and I believe all available hotfix details were included there.
Hotfixes/Patch Releases:
|
Version |
Hotfix |
|
8.6.0 |
HFIX-85713 |
|
8.6.1 |
HFIX-85712 |
|
8.6.2 |
HFIX-85711 |
|
8.6.3 |
HFIX-85710 |
Hello
CVE-2022-36437 on the data source description.
See forum question Hazelcast CVE-2022-36437 ?
I have checked to see in which 8.4 patch we updated the embedded versions where we are using 3.12.10, 4.2.4 & 5.1.1 versions with 3.12.13, 4.1.10 & 5.1.5.
As per the Pega Infinity Patch Calendar Final 8.4.6 patch delivered Nov 2021.
Therefore you will have to update to the latest release in order to use the updated Hazelcast versions.
I have checked the original CVE announcement that was sent to our clients and I believe all available hotfix details were included there.
Hotfixes/Patch Releases:
|
Version |
Hotfix |
|
8.6.0 |
HFIX-85713 |
|
8.6.1 |
HFIX-85712 |
|
8.6.2 |
HFIX-85711 |
|
8.6.3 |
HFIX-85710 |
|
8.6.4 |
HFIX-85699 |
|
8.6.5 |
HFIX-85698 |
|
8.6.6 |
HFIX-85697 |
|
8.7.0 |
HFIX-85696 |
|
8.7.1 |
HFIX-85695 |
|
8.7.2 |
HFIX-85694 |
|
8.7.3 |
HFIX-85693 |
|
8.7.4 |
HFIX-85388 |
|
8.8 |
HFIX-85692 |
|
8.8.1 |
HFIX-85389 |
The vulnerability is fixed for 8.7.5, 8.8.2 patches and Pega Infinity '23 releases. See https://support.pega.com/pega-infinity-patch-calendar for more details.
For more details on the platform/clustering-service, see the following link: Pega-provided Docker images
Versions prior to 8.6:
Pega strongly recommends clients to update to the latest release and keep your platform current. The exploitation risk can be significantly lowered by following these recommendations:
-
The network hosting the Pega environments should be configured such that external access to Hazelcast server ports is completely restricted. The default TCP port range is 5701 to 5800.
-
This can be overridden by the customer using the following configuration: <env name="initialization/cluster/ports" value="xxxx"/> https://support.pega.com/support-doc/managing-clusters-hazelcast#common-cluster-settings [See section Common cluster settings -> Cluster Ports]
As you are using version 8.4.2 , you need to follow the instructions given above .
The network hosting the Pega environments should be configured such that external access to Hazelcast server ports is completely restricted. The default TCP port range is 5701 to 5800.
This can be overridden by the customer using the following configuration: https://support.pega.com/support-doc/managing-clusters-hazelcast#common-cluster-settings [See section Common cluster settings -> Cluster Ports]