Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

New JWT access token format: Authorized Access Token

Valid from Pega Version 8.5

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

  • The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
  • A single token can be used with multiple applications.
  • The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
  • As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Improving basic access control

Valid from Pega Version 8.5

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.

DCO

Valid from Pega Version 7.1.3

In this release, specification support in Case Designer was improved.  Also, improvements and fixes were made to the New Application Wizard.

  • Changes were made to support a split schema environment
  • Shared and Component RuleSets can be copied.
  • Can edit in Word from either Grids or Lists.
  • More than 50 case types are now supported for an application.

Reporting

Valid from Pega Version 7.1.3

This release had a focus on extending key capabilities to improve the functionality and ease of use of reporting features based on early adopter feedback.  A series of cosmetic changes and fixes are also included.

  • Multiple boxes may be checked on List view checkboxes
  • Dashboard Charts slider has been improved.
  • Summary View reports and charts have been enhanced.
  • Column properties can be added to a report in the Report Editor.
  • List view column widths can be set by Smart Info.
  • Listviews will display correctly for updated systems.
  • Improvements to the GuardRail Report.

Updated Word merge support with Microsoft Silverlight plug-in

Valid from Pega Version 7.1.3

Starting in this release, Pega 7 features that integrate with the Word merge capability are now cross-browser. ActiveX controls (which are only compatible with Internet Explorer) have been replaced with Microsoft Silverlight. This plug-in must be downloaded separately from Microsoft because it is not shipped with Pega 7.

Common features that are affected by this change include the Specification form and Case Type landing page.

Prior to using these features, see the release note Word merge support with Microsoft Silverlight plug-in for more information about setting up their client systems.

BIX -I command-line option fails for unexposed properties

Valid from Pega Version 7.2.2

Business Intelligence Exchange (BIX) command-line extractions fail when the extract has a filter that uses unexposed property references that are passed in by the input file that you specified in the -I command-line option. Previously, the BIX extraction ignored the filter and the extraction did not fail.

Issue with the Sandbox directive on the Content Security Policy rule form has been fixed

Valid from Pega Version 7.2.2

An issue that related to the Sandbox directive not being applied, even after a value in the Content Security Policy rule form was selected, has been fixed. As a result, restrictions that are applied based on the settings in the Sandbox directive are now more closely aligned with the World Wide Web Consortium (W3C) specification than in previous releases. You should test your Content Security Policy to ensure that this change does not cause unexpected behavior in your application, such as making the security policy too restrictive.

New privilege required to access the Search landing page

Valid from Pega Version 7.4

After upgrading to Pega® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.

For more information about assigning privileges to roles, see User privilege authorization. (Link to: basics/v6portal/landingpages/accessmanager/customizeprivilegestab.htm)

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us