Skip to main content

Question

 Lichael John Hipolito (LichaelJohnH16633389)
ING

ING
NL
LichaelJohnH16633389 Member since 2022 1 post
ING
Posted: May 15, 2023
Last activity: May 18, 2023
Posted: 15 May 2023 3:29 EDT
Last activity: 18 May 2023 6:20 EDT
Solved

Pega hazel cast hotfix ID for 8.4.3

Can someone share to me the hazelcast hotfix id for version 8.4.3?

***Edited by Moderator: Bhavana S to add Product version and capability tag***
To see attachments, please log in.
Pega Platform 8.4.3
Installation and Deployment
Client-managed Cloud

  • Reply

Accepted Solution

Posted: 1 year ago
Updated: 1 year ago
Posted: 17 May 2023 6:09 EDT
Updated: 18 May 2023 6:20 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

Hello

 CVE-2022-36437 on the data source description.

See forum question Hazelcast CVE-2022-36437 ?

I have checked to see in which 8.4 patch we updated  the embedded versions where we are using 3.12.10, 4.2.4 & 5.1.1 versions with 3.12.13, 4.1.10 & 5.1.5.

As per the Pega Infinity Patch Calendar  Final 8.4.6 patch delivered Nov 2021.

Therefore you will have to update to the latest release in order to use the updated Hazelcast versions.

 I have checked the original CVE announcement that was sent to our clients and I believe all available hotfix details were included there.

Hotfixes/Patch Releases: 

 

Version 

Hotfix 

8.6.0 

HFIX-85713 

8.6.1 

HFIX-85712 

8.6.2 

HFIX-85711 

8.6.3 

HFIX-85710 

Show More

Hello

 CVE-2022-36437 on the data source description.

See forum question Hazelcast CVE-2022-36437 ?

I have checked to see in which 8.4 patch we updated  the embedded versions where we are using 3.12.10, 4.2.4 & 5.1.1 versions with 3.12.13, 4.1.10 & 5.1.5.

As per the Pega Infinity Patch Calendar  Final 8.4.6 patch delivered Nov 2021.

Therefore you will have to update to the latest release in order to use the updated Hazelcast versions.

 I have checked the original CVE announcement that was sent to our clients and I believe all available hotfix details were included there.

Hotfixes/Patch Releases: 

 

Version 

Hotfix 

8.6.0 

HFIX-85713 

8.6.1 

HFIX-85712 

8.6.2 

HFIX-85711 

8.6.3 

HFIX-85710 

8.6.4 

HFIX-85699 

8.6.5 

HFIX-85698 

8.6.6 

HFIX-85697 

8.7.0 

HFIX-85696 

8.7.1 

HFIX-85695 

8.7.2 

HFIX-85694 

8.7.3 

HFIX-85693 

8.7.4 

HFIX-85388 

8.8 

HFIX-85692 

8.8.1 

HFIX-85389 

 

The vulnerability is fixed for 8.7.5, 8.8.2 patches and Pega Infinity '23 releases.  See https://support.pega.com/pega-infinity-patch-calendar for more details. 

For more details on the platform/clustering-service, see the following link: Pega-provided Docker images 

 

Versions prior to 8.6: 

 

Pega strongly recommends clients to update to the latest release and keep your platform current.  The exploitation risk can be significantly lowered by following these recommendations: 

  • The network hosting the Pega environments should be configured such that external access to Hazelcast server ports is completely restricted. The default TCP port range is 5701 to 5800.  

 

As you are using version 8.4.2 , you need to follow the instructions given above . 

The network hosting the Pega environments should be configured such that external access to Hazelcast server ports is completely restricted. The default TCP port range is 5701 to 5800.

This can be overridden by the customer using the following configuration: https://support.pega.com/support-doc/managing-clusters-hazelcast#common-cluster-settings [See section Common cluster settings -> Cluster Ports]

 

 

 

Show Less
To see attachments, please log in.
Posted: 1 year ago
Updated: 1 year ago
Posted: 15 May 2023 7:52 EDT
Updated: 15 May 2023 7:57 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@LichaelJohnH16633389 please clarify what Hazelcast issue you are experiencing.

We do not issue Hotfixes in the version you have listed.  See Patch process for Pega Infinity 8.3 and later and Pega Platform Patch Releases Resolved Issues Download

If you want to check for known issues, you can always check our Resolved Issues documentation. 

For any announcements, please check Review Security Advisories.

To see attachments, please log in.

Accepted Solution

Posted: 1 year ago
Updated: 1 year ago
Posted: 17 May 2023 6:09 EDT
Updated: 18 May 2023 6:20 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

Hello

 CVE-2022-36437 on the data source description.

See forum question Hazelcast CVE-2022-36437 ?

I have checked to see in which 8.4 patch we updated  the embedded versions where we are using 3.12.10, 4.2.4 & 5.1.1 versions with 3.12.13, 4.1.10 & 5.1.5.

As per the Pega Infinity Patch Calendar  Final 8.4.6 patch delivered Nov 2021.

Therefore you will have to update to the latest release in order to use the updated Hazelcast versions.

 I have checked the original CVE announcement that was sent to our clients and I believe all available hotfix details were included there.

Hotfixes/Patch Releases: 

 

Version 

Hotfix 

8.6.0 

HFIX-85713 

8.6.1 

HFIX-85712 

8.6.2 

HFIX-85711 

8.6.3 

HFIX-85710 

Show More

Hello

 CVE-2022-36437 on the data source description.

See forum question Hazelcast CVE-2022-36437 ?

I have checked to see in which 8.4 patch we updated  the embedded versions where we are using 3.12.10, 4.2.4 & 5.1.1 versions with 3.12.13, 4.1.10 & 5.1.5.

As per the Pega Infinity Patch Calendar  Final 8.4.6 patch delivered Nov 2021.

Therefore you will have to update to the latest release in order to use the updated Hazelcast versions.

 I have checked the original CVE announcement that was sent to our clients and I believe all available hotfix details were included there.

Hotfixes/Patch Releases: 

 

Version 

Hotfix 

8.6.0 

HFIX-85713 

8.6.1 

HFIX-85712 

8.6.2 

HFIX-85711 

8.6.3 

HFIX-85710 

8.6.4 

HFIX-85699 

8.6.5 

HFIX-85698 

8.6.6 

HFIX-85697 

8.7.0 

HFIX-85696 

8.7.1 

HFIX-85695 

8.7.2 

HFIX-85694 

8.7.3 

HFIX-85693 

8.7.4 

HFIX-85388 

8.8 

HFIX-85692 

8.8.1 

HFIX-85389 

 

The vulnerability is fixed for 8.7.5, 8.8.2 patches and Pega Infinity '23 releases.  See https://support.pega.com/pega-infinity-patch-calendar for more details. 

For more details on the platform/clustering-service, see the following link: Pega-provided Docker images 

 

Versions prior to 8.6: 

 

Pega strongly recommends clients to update to the latest release and keep your platform current.  The exploitation risk can be significantly lowered by following these recommendations: 

  • The network hosting the Pega environments should be configured such that external access to Hazelcast server ports is completely restricted. The default TCP port range is 5701 to 5800.  

 

As you are using version 8.4.2 , you need to follow the instructions given above . 

The network hosting the Pega environments should be configured such that external access to Hazelcast server ports is completely restricted. The default TCP port range is 5701 to 5800.

This can be overridden by the customer using the following configuration: https://support.pega.com/support-doc/managing-clusters-hazelcast#common-cluster-settings [See section Common cluster settings -> Cluster Ports]

 

 

 

Show Less
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice