there was a new vulnerability released for Apache Struts.
Apache Struts 2 namespace Remote Code Execution Vulnerability (S2-057)
Is Pega Version 7.2.1 affected by this?
@SaurabhS511 please see a previous forum question about this:
Struts was only used in SMA. It was not used in the platform. In PEGA 8, the SMA was replaced with ADMIN STUDIO and STRUTS is no longer used.
The SMA is vulnerable to this issue because of its use of Struts. We upgraded struts version to 2.3.35 for Universal SMA to address vulnerability above with Struts 2.5.17.
Please log a support ticket requesting hotfix HFIX-46844 and HFix-46946.
A separate prsysmgmt wars and ears will be generated as part of this hotfix. They will need to be deployed per the application server context
Hotfix installation instructions: Redeploy SMA war