Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

New JWT access token format: Authorized Access Token

Valid from Pega Version 8.5

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

  • The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
  • A single token can be used with multiple applications.
  • The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
  • As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Improving basic access control

Valid from Pega Version 8.5

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.

End of support for form-based rule forms in Pega 7.1.9

Valid from Pega Version 7.1.9

Rule forms that are configured to render as forms are no longer supported in Designer Studio or end-user applications. Form-based configurations are found on custom rule types that were created in earlier versions of Pega 7 and are characterized by pop-up windows that are rendered externally from Designer Studio.

Reconfigure Pega 7 applications that use such rule forms by using standard harnesses and sections.

  1. Open the class form.
  2. Click the Advanced tab.
  3. Select Harness from the Rule formmenu.
  4. Create a new harness and new sections that implement the logic of the custom rule, using standard user interface layouts and controls.

Migrating custom rule forms to harnesses and sections offers the following benefits:

  • User interfaces become HTML5 WC3 compatible and responsive to different screen sizes.
  • User interfaces become cross-browser compatible, rendered consistently in Google Chrome, Mozilla Firefox, Apple Safari, and recent versions of Microsoft Internet Explorer.
  • Rendering performance on modern browsers is dramatically improved.
  • User interface pop-up behavior is eliminated; all windows are rendered inside Designer Studio and end-user applications.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us