Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Support for the JSON Web Token Bearer grant type for accessing external APIs

Valid from Pega Version 8.4

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Sign and encrypt signatures and content with additional algorithms

Valid from Pega Version 8.4

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.

Custom application URL alias in the application definition

Valid from Pega Version 8.4

Create application URL aliases that support your ability to launch multiple Pega applications simultaneously in a single browser. This feature makes it easier for clients and your customers to log into multiple applications using the same browser and access them simultaneously. You configure your application URL alias in the application definition. For details, see Adding an application URL alias.

For more information, see Simplify access with an Application URL alias (8.4)

Upgrade impact

After an upgrade to Pega Platform™ 8.4 and later, review to determine if and how you must update your application rules to reflect the current URL aliasing format. As part of these application rule updates, Pega also updated the URL format and value components of the clipboard property, pxRequestor.pxReqServletNameReal, which you can use to discover a servlet name. If your application uses this property to discover a servlet name, update the pxRequestor.pxReqServlet property in the application rule to use the new, required URL and value formats.

For details steps, see the section, Upgrading from Pega 8.3 or earlier: Guidelines for any required changes in your application URL aliasing, in the appropriate Pega Platform Upgrade Guide available at Deploy Pega Platform

What steps should the customer take to update their application?

After upgrading, you must update your JMeter test scripts. For detailed steps, see Updating JMeter test scripts after migrating to Pega 8.4.

Expanded checks for Java injection vulnerabilities (8.4)

Valid from Pega Version 8.4

The Java injection vulnerability check feature has been enhanced in Pega Platform™ to further prevent Java injection, including Edit validate, Edit input, and JSP rules. Pega Platform reports errors at design time and run time, and does not run any rule that includes any of the following Java code:

  • JavaCompiler
  • new ProcessBuilder()
  • org.dita.dost.invoker
  • Runtime.getRuntime()

For more information, see Configuring the Java injection check.

Descendant class instances now included in reports

Valid from Pega Version 7.2

The Report on descendant class instances option on the Data Access tab of the Report Definition rule has a new option to now include data from all descendant classes of the report's primary class. If descendant classes are mapped to multiple class tables, the generated SQL query performs UNIONs to include this data. Previously, only a single class was included in the report.

You can select a subset of descendant classes to include or exclude by adding a filter condition on pxObjClass.

Existing reports retain the older behavior for this option after an upgrade or update. To use the new option, you must set it for each existing report. New reports created in Designer Studio and out-of-the-box Pega 7 Platform template reports from which new reports are created in the Report Browser (pyDefaultReport and pyDefaultSummaryReport) default to the new option. If you have created custom template reports for some application classes, you must change them to enable the new option in reports that are created in the Report Browser for these classes.

See Reporting on data in multiple class tables.

Report Definition query filters can search embedded properties

Valid from Pega Version 7.2

Filter conditions on Report Definition rules that query the Elasticsearch indexes can now reference embedded properties. Previously, filter conditions could reference only the top-level properties of a class. To reference an embedded property within a filter condition, specify indexes for embedded page lists and page groups, for example, Customers(1).Addresses(1).City = Boston OR Customers(1).Addresses(1).State = MA.

These indexes are ignored in the generated query, and so can potentially match any value in a page list or group. However, filter conditions that reference multiple embedded properties in the same page list or page group, as displayed above, might not be satisfied on the same page.

BIX extracts can be scheduled and run from the Pega 7 Platform by using agents

Valid from Pega Version 7.2

You can create an agent that periodically invokes the new pxExtractDataWithArgs activity to run a BIX Extract rule. The activity takes the class and extract rule name, as well as an additional input string with a list of BIX command-line parameters, as input parameters to use for the run.

Discontinued support for list view and summary view rules

Valid from Pega Version 7.2

The list view rule and the summary view rule are deprecated, and support for these rules has been discontinued. Existing list view and summary view reports will continue to work on supported browsers. However, the last version of Internet Explorer that list view and summary view rules support is Internet Explorer 11.

You cannot create new list view or summary view reports. Instead, create list reports and summarized reports by using the report definition rule. To prevent display issues, re-create the custom list view and summary view reports that you need as report definition reports.

Chrome support for editing specification descriptions in Word

Valid from Pega Version 7.2

If you use Google Chrome 42 and later, you can now create, save, and update specification descriptions even if you are not using the Microsoft Silverlight NPAPI plug-in.

The new Upload Word document as description option provides you with the functionality to upload a Word document that contains the specification description. In addition, you can use the Export to Word option to export the description that you entered in the rich text editor to a Word document.

Report Definitions can query tables in multiple schemas

Valid from Pega Version 7.2

You can create a Report Definition that queries class tables in multiple schemas in the same database. Previously, queries on tables that were mapped to PegaRULES and PegaDATA schemas could not include tables that were mapped to other schemas, because other schemas were assumed to be in a different database. The schemas to which queried class tables belong are no longer validated when you save the Report Definition, so you can now query tables in schemas other than PegaRULES and PegaDATA. However, Report Definitions that query tables that are in more than one database fail when run.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us