During the Pent test of one of our Pega applications built in version 8.7.4, it was found that application uses components with known vulnerabilities. Apache TomCat, version 9.0.17. Is there any hotfix available for the same?
@sumitananda Pega does not provide hotfixes for third-party software vulnerabilities like Apache Tomcat. It is recommended to update your Apache Tomcat version to a version where the vulnerabilities are fixed. Pega 8.7.4 can run on any Apache Tomcat 9.x version
This is a GenAI-powered tool. All generated answers require validation against the provided references.
How to fix Tomcat 9.0 vulnerabilities in Pega Platform 8.3.1
Upgrade to Apache 9.0.58 for Pega 8.5.5
Tomcat 9.0.39 is recommended for Pega 7.3.1?
Please also review the Important Links on the PSC landing page: Review Security Advisories and the main portal Security Bulletins