Applies to Pega Platform™ version 8.7 and earlier versions
Risk mitigation
Pega used Yahoo! User Interface (YUI) 2.x as the basis of its UI engine when it was first written. Pega forked YUI within the product to meet functional and security-related needs as gaps were discovered.
Static analyzers will continue to identify this code, YUI 2.x libraries, as outdated.
However, the Pega engineering team has mitigated risks related to Cross-Site Request Forgery (CSRF) and Hijacking. Pega software has successfully undergone penetration tests performed by clients and performed by the Pega Security team. All issues identified were promptly fixed within Pega software.
Pega software modules affected by YUI 2.x libraries
The following table identifies the Pega software modules that have used YUI 2.x.
The YUI Version column identifies the YUI version that Pega software (File Name, Ruleset) has forked from, if forked.
The Modified in Pega column identifies those modules that have been forked.
The Changes column briefly describes what changed in the Pega software module (File Name).
File Name | Ruleset | YUI Version | Modified in Pega | Changes |
---|---|---|---|---|
pega_yui_connection |
Pega-Desktop |
2.5.1 |
Yes |
Changes related to performance, |
pega_yui_event |
Pega-UIEngine |
2.5.1 |
Yes |
Edge browser support |
pega_yui_tabview |
Pega-UIEngine |
|
Yes |
Changes to support the Accordion Layout |
pega_yui_utilities |
Pega-Desktop |
2.5.2 |
Yes |
Mashup support when CSRF is enabled |
pega_yui_layout |
Pega-UIEngine |
2.5.2 |
Yes |
Layout related resize issues fixes |
pega_yui_resize |
Pega-UIEngine |
2.5.2 |
Yes |
Width and height issues fixes |
pega_yui_container |
Pega-UIEngine |
2.5.2 |
Yes |
Updated "Center()" API to calculate |
pega_yui_yahoo |
Pega-UIEngine |
2.5.1 |
Yes |
Added additional browser checks |
pega_yui_dragdrop |
Pega-UIEngine |
2.5.1 |
Yes |
Added new methods |
pega_yui_dom |
Pega-UIEngine |
2.5.1 |
Yes |
Internet Explorer check, added CSS props, |
pega_yui_menu |
Pega-UIEngine |
2.5.2 |
Yes |
Removed some resize calls |
pega_yui_event_profile |
Pega-UIEngine |
2.5.1 |
Yes |
Added logs |
Providing for bubblable focus and |
||||
pega_yui_editor |
Pega-UIEngine |
2.5.2 |
Yes |
Added support for Pega-related features |
pega_yui_editor |
Pega-WB |
2.5.2 |
Yes |
Added support for Pega-related features |
pega_yui_dragdrop |
Pega-WB |
2.5.1 |
Yes |
Added new methods |
pega_yui_container |
Pega-WB |
2.5.2 |
Yes |
Updated "Center()" API to calculate |
pega_yui_button |
Pega-WB |
2.5.2 |
Yes |
Menu option in switch case |
pypega_yui_imagecropper |
Pega-Social |
2.9.0 |
No |
|
pega_yui_connection_profile |
Pega-Desktop |
2.5.1 |
No |
|
pega_yui_json |
Pega-UIEngine |
2.8.1 |
No |
|
pega_yui_animation |
Pega-WB |
2.5.1 |
No |
|
pega_yui_element |
Pega-UIEngine |
2.5.1 |
No |
|
pega_yui_colorpicker |
Pega-UIDesign |
2.8.2r1 |
No |
|
pega_yui_slider |
Pega-UIEngine |
2.8.2r1 |
No |
|
pega_yui_rte_menu |
Pega-UIEngine |
2.5.2 |
No |
|
pega_yui_yuiloader_profile |
Pega-WB |
2.5.1 |
No |
File is same as yui_loader |
pega_yui_yuiloader |
Pega-WB |
2.5.1 |
No |
|
pega_yui_yahoo_profile |
Pega-WB |
2.5.1 |
No |
File is same as yui_yahoo |
pega_yui_yahoo |
Pega-WB |
2.5.1 |
No |
|
pega_yui_utilities |
Pega-WB |
2.5.2 |
No |
|
pega_yui_treeview |
Pega-WB |
2.2.2 |
No |
|
pega_yui_tabview |
Pega-WB |
2.2.2 |
No |
|
pega_yui_tab |
Pega-WB |
2.2.2 |
No |
|
pega_yui_slider |
Pega-WB |
2.2.2 |
No |
|
pega_yui_resize |
Pega-WB |
2.5.2 |
No |
|
pega_yui_menu |
Pega-WB |
2.5.2 |
No |
|
pega_yui_layout |
Pega-WB |
2.5.2 |
No |
|
pega_yui_get_profile |
Pega-WB |
2.5.1 |
No |
|
pega_yui_get |
Pega-WB |
2.5.1 |
No |
|
pega_yui_event_profile |
Pega-WB |
2.5.1 |
No |
|
pega_yui_event |
Pega-WB |
2.5.1 |
No |
|
pega_yui_element_profile |
Pega-WB |
2.5.1 |
No |
|
pega_yui_element |
Pega-WB |
2.5.1 |
No |
|
pega_yui_dragdrop_profile |
Pega-WB |
2.5.1 |
No |
|
pega_yui_dom_profile |
Pega-WB |
2.5.1 |
No |
|
pega_yui_dom |
Pega-WB |
2.5.1 |
No |
|
pega_yui_connection_profile |
Pega-WB |
2.5.1 |
No |
|
pega_yui_connection |
Pega-WB |
2.5.1 |
No |
|
pega_yui_attributeprovider |
Pega-WB |
2.2.2 |
No |
|
pega_yui_attribute |
Pega-WB |
2.2.2 |
No |
|
pega_yui_animation_profile |
Pega-WB |
2.5.1 |
No |
|
pzPega_yui_dualSlider2 |
Pega-Reporting |
2.7.0 |
|
Changed to separate module in Pega |
pzPega_yui_dualSlider |
Pega-LP-Application |
2.7.0 |
|
Changed to separate module in Pega |
pega_yui_color |
Pega-ProCom |
|
|
|
pega_yui_extensions |
Pega-UIEngine |
|
Not a YUI file |
|
pega_yui_resizepanel |
Pega-UIEngine |
|
Not a YUI file |
|
pzpega_yui_extensions_plus |
Pega-UIEngine |
|
Not a YUI file |
|
pega_yui_resizepanel |
Pega-WB |
|
Not a YUI file |
|
pega_yui_extensions |
Pega-WB |
|
Not a YUI file |
|
Actions to take
Center() API to calculate TOP style property
Remember to retain the Center() API when updating to the next later version if your application uses YUI 2.5.2 in the following Pega modules:
- pega_yui_container in Pega-UIEngine with YUI 2.5.2
- pega_yui_container in Pega-WB with YUI 2.5.2
Related content
Tab groups are deprecated (Pega Platform 7.3)
Vulnerability issue in Pega v7.3