Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Support for the JSON Web Token Bearer grant type for accessing external APIs

Valid from Pega Version 8.4

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Sign and encrypt signatures and content with additional algorithms

Valid from Pega Version 8.4

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.

Custom application URL alias in the application definition

Valid from Pega Version 8.4

Create application URL aliases that support your ability to launch multiple Pega applications simultaneously in a single browser. This feature makes it easier for clients and your customers to log into multiple applications using the same browser and access them simultaneously. You configure your application URL alias in the application definition. For details, see Adding an application URL alias.

For more information, see Simplify access with an Application URL alias (8.4)

Upgrade impact

After an upgrade to Pega Platform™ 8.4 and later, review to determine if and how you must update your application rules to reflect the current URL aliasing format. As part of these application rule updates, Pega also updated the URL format and value components of the clipboard property, pxRequestor.pxReqServletNameReal, which you can use to discover a servlet name. If your application uses this property to discover a servlet name, update the pxRequestor.pxReqServlet property in the application rule to use the new, required URL and value formats.

For details steps, see the section, Upgrading from Pega 8.3 or earlier: Guidelines for any required changes in your application URL aliasing, in the appropriate Pega Platform Upgrade Guide available at Deploy Pega Platform

What steps should the customer take to update their application?

After upgrading, you must update your JMeter test scripts. For detailed steps, see Updating JMeter test scripts after migrating to Pega 8.4.

Improved mobile app user experience

Valid from Pega Version 8.4

Pega Platform™ can now produce a better mobile experience through performance gains and flexible access settings. Apps now support quick-loading native worklists, smooth scrolling and swiping, and query-based search, which improve productivity for mobile users. In addition, you can make your app available to users without authentication, and enhance usability for products that do not require strict security controls.

For more information, see Securing mobile apps.

More efficient mobile development

Valid from Pega Version 8.4

The work environment for mobile app developers in Pega Platform™ is now more intuitive. Because every new out-of-the-box application now comes with a preconfigured mobile channel, you can start building mobile apps straight away. Create a mobile channel from scratch, and then customize it to include specific requirements for your new app.

The following updates enhance the process of building mobile apps:

  • Your application stores all mobile channels as rules. You can reuse these channels across all versions of your mobile apps for more convenient updates.
  • You can now configure contextual search from the mobile channel.
  • You can now create native mobile list pages for the app navigation directly from the mobile channel.
  • You can now add pages from web portals to a mobile app navigation pane, with full support for native mobile features, such as floating action buttons.
  • Mobile channels now support configuration through predefined templates, widgets, and actions.
  • You can now instantly preview your mobile channel configuration to see how the app displays on mobile devices.
  • Configuration of offline support for mobile apps is now available from a single, low-code page.
  • The preview section now offers a low-code pane, from which you can instantly start building a mobile app.
  • The mobile channel now supports adding custom iOS and Android modules.
  • Admin Studio now supports a mobile page, from which you can provide your own Mobile Build Server credentials and decide whether users need to provide authentication to download your mobile app.

Expanded checks for Java injection vulnerabilities (8.4)

Valid from Pega Version 8.4

The Java injection vulnerability check feature has been enhanced in Pega Platform™ to further prevent Java injection, including Edit validate, Edit input, and JSP rules. Pega Platform reports errors at design time and run time, and does not run any rule that includes any of the following Java code:

  • JavaCompiler
  • new ProcessBuilder()
  • org.dita.dost.invoker
  • Runtime.getRuntime()

For more information, see Configuring the Java injection check.

Improved offline support for mobile apps

Valid from Pega Version 8.4

The updated offline mode in Pega Platform™ now reduces implementation time, enhances the development process, and helps you create a more comprehensive mobile experience for users without a reliable web connection.

The improved offline support includes the following enhancements:

  • Offline-enabled apps now use native mobile UI components, such as headers and bottom bars.
  • Offline mode now supports decision trees for improved case processing. 
  • Users can now process multiple cases simultaneously in separate offline tabs, which leads to higher productivity.
  • Offline-enabled apps now work more efficiently because of improved caching and background synchronization.

For more information, see Working with offline apps.

Mobile features deprecated in 8.4

Valid from Pega Version 8.4

Following the introduction of new functionalities for mobile apps, some features are reaching end of life. To avoid additional effort during updates to future releases, do not use deprecated features.

In the 8.4 release, the following features are no longer recommended:

  • Mobile Client 7 is now deprecated and planned for removal in 8.5. Use Pega Infinity Mobile Client to meet the mobile needs of your business.
  • The Reuse existing web portal functionality is deprecated and planned for removal in 8.5. For improved app performance and more efficient development, use the mobile app builder in the mobile channel. Also, you must convert existing projects to use separate channels for mobile and web portals before upgrading to 8.5.

In addition, the Pega Mobile Express app has been removed from app stores and replaced with the Pega Mobile Preview app.

Support for large reference data in offline mobile apps

Valid from Pega Version 7.2

A data page in a Pega 7 Platform mobile application with offline capability enabled can now be marked as a large data page. This feature improves performance significantly when you have a large amount of data in which only individual records change.

In this situation, after the initial sync to the mobile app, only the changes in the large data page are synced instead of the entire large data page. The database table is created for such large data pages in the encrypted SQLite database on the device. Changes such as add, delete, or update are reconciled as row-level updates. Furthermore, you can use JavaScript to query against this data. A large referenced data page is supported by list-based components such as repeating dynamic layout, auto-complete, a dropdown list, and radio button.

Support for offline and online cases in a single mobile app

Valid from Pega Version 7.2

A single offline-enabled application can now support both the creation and processing of online-only and offline-ready cases.

For online-only cases, a list of both the offline and online cases is always available. Case assignment and processing is performed on the server so that a case is available only when the device is connected to the Internet or to data. When a connection is not available for processing an online-only case, an error message is displayed.

For offline-ready cases, a user can open an assignment and perform tasks on that case. There is also an option to explicitly display a harness from a server instead of a client store.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us