2021 Security Bulletin
Cloud SSL Cipher Suite Changes
Changes in supported TLS protocols and ciphers suites take effect as a result of any environment infrastructure update that takes place after September 2021. To learn more about these changes and the TLS encryption settings that are supported, see Data-in-transit encryption in Pega Cloud article and link.
2020 Security Bulletin
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.