Does Pega use the apache commons java library for serialization
In light of the Apache Commons vulnerability CVE-2015-4852 I am wondering if Pega makes use of this java library. We are looking at two methods to remediate this vulnerability based on whether Apache Commons java library is used within Pega (6.1 SP2).
Can anyone advise?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
I am looking into the issue at the moment as BUG-223630 in PMF. In the current versions of Pega in the field or under development (7.1 ML9 and later) there is no direct use of the identified issues within Commons Collection. I do not know if this is also true for older versions like 6.1 SP2.
Thank you for posting your query on PSC. This looks like an inactive post and hence, we suggest you create a new post for your query. Click on the Write a Post button that’s available on the top right pane of this page. Once created, please reply back here with the URL of the new post.
We have also sent you a private message opening up a communication channel in case you have any further questions.