Sivaguru Krishnamurthy (SivaguruK)
Capital One Bank

SivaguruK Member since 2015 2 posts
Posted: 30 Sep 2019 12:28 EDT
Last activity: 30 Sep 2019 16:16 EDT

Question on FusionChart library in Pega 6.3 SP1

We are still on Pega 6.3 SP1. Recently our organization's internal security team identified a vulnerability for cross-site scripting, related to the FusionChart library that is being used. They are recommending upgrading to the latest version of the FusionChart library to resolve the vulnerability. But we understand that the FusionChart library in PEGA is shipped along with the prpublic jar and it cannot just be upgraded standalone. It requires a Pega version upgrade to 7.x or 8.x, which we don't have plans for in the near future. Given this situation, is there any other option to resolve the problem? Is there a way to delete specific libraries related to the FusionChart library alone, which could help?

Also, what are the different rule types in Pega which use this FusionChart library? Is it just the reporting rules or is it used by other rule types as well? The reason behind this question is to understand the impact of deleting the specific FusionChart class entries from the engine class table.

***Edited by Moderator Marissa to update platform capability tags; update SR Details****
