Question
Virtusa
IN
Last activity: 12 Feb 2025 7:53 EST
Vulnerable software package in pega images
It was observed that the following Pega images contain vulnerable software package.
- installer:8.8.3.ojdbc
- pega:8.8.3.ojdbc
How to resolve this issue?
Updated: 12 Feb 2025 7:53 EST
Pegasystems Inc.
GB
@AnilKumarTechy please can you clarify which image you are referring to?
Are you using a docker-pega-web-ready image?
Where is the package flagged as vulnerable?
I am unable to find any reference to 8.3.3.ojdbc.
Pega Platform ’23 Installation and Updates stall on Oracle with old JDBC driver [SDR-A161]
For Enterprise Edition you can verify 'My Security Hotfixes' on MyPega portal as per the FAQ page.
Review Security Advisories via the PSC.
Security Checklist on the Documentation server.
@AnilKumarTechy please can you clarify which image you are referring to?
Are you using a docker-pega-web-ready image?
Where is the package flagged as vulnerable?
I am unable to find any reference to 8.3.3.ojdbc.
Pega Platform ’23 Installation and Updates stall on Oracle with old JDBC driver [SDR-A161]
For Enterprise Edition you can verify 'My Security Hotfixes' on MyPega portal as per the FAQ page.
Review Security Advisories via the PSC.
Security Checklist on the Documentation server.
Pega 8.8.3 release moved into extended support and no longer receive patches. For more information please refer to the article regarding Pega's Extended Support Program.
I believe JDBC driver is no longer embedded in a docker-image but injected by configuration service
For your issue, please see if the below post helps:
How To: Reduce the External Dependency on JDBC Driver in Openshift Environment
Latest documentation:
Mitigating common security vulnerabilities
Install and update Pega Platform