SivaguruK Member since 2015 2 posts
Capital One Bank
Posted: 1 year ago
Last activity: 1 year ago

Question on FusionChart library in Pega 6.3 SP1

We are still on Pega 6.3 SP1. Recently our organization's internal security team identified a cross-site scripting vulnerability related to the FusionChart library that is being used. They are recommending an upgrade to the latest version of the FusionChart library to resolve the vulnerability. But we understand that the FusionChart library in Pega is shipped along with the prpublic jar and cannot just be upgraded standalone. It requires a Pega version upgrade to 7.x or 8.x, which we don't have plans for in the near future. Given this situation, is there any other option to resolve the problem? Is there a way to delete only the specific libraries related to the FusionChart library, which could help?

Also, what are the different rule types in Pega that use this FusionChart library? Is it just the reporting rules, or is it used by other rule types as well? The reason behind this question is to understand the impact of deleting the specific FusionChart class entries from the engine class table.

***Edited by Moderator Marissa to update platform capability tags; update SR Details****

Security User Interface SR Exists
Moderation Team has archived post