Vulnerable Components found in Pega v19
Good day Pega Support,
It has been we've reached out to you last Aug and Sep. but it seems we don't have clear solution path from your team on the vulnerabilities of software components we reported to you. Though some can be removed or uninstalled manually post deployment but we prefer to have a clean installer or software package for us to deploy to our users without these vulnerabilities. Hope to get more definite response from Pega on the plan and solution path soonest.
JamesNK/Newtonsoft.Json : 11.0.2 : 1
Microsoft ASP.NET MVC : 4.0.20710.0 : 1
moment/moment : 2.29.1 : 1
System.Security.Cryptography.X509Certificates : 4.1.0 : 1
Microsoft.Owin : 3.1.0 : 1
Regards,
Jolly Punongbayan
Pegasystems Inc.
US
Hi @JollyP70
All of these issues were resolved in our October 14th release, as promised: Robot Studio/Runtime 19.1.116 and PNF Proprietary information hidden2. This is mentioned in the build notes and was also messaged to you on INC-227807, where you are listed as an additional contact.
I am sorry that you missed our communications. You can always private message me if you have questions in the future.
Regards, Becky