Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Support for the JSON Web Token Bearer grant type for accessing external APIs

Valid from Pega Version 8.4

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Sign and encrypt signatures and content with additional algorithms

Valid from Pega Version 8.4

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.

Email bots now support multiple languages

Valid from Pega Version 8.4

You can now configure Pega Email Bot™ to perform text analysis, use training data and triage emails in multiple languages, for example, English, French, German, and Spanish. By detecting topics and entities from emails in different languages, the system can suggest the correct business case and provide an email response in the user's own language.

For more information, see Selecting languages for an Email channel and Enabling automatic language detection for text analysis.

Support for seamless transitions between IVAs and customer service representatives

Valid from Pega Version 8.4

To ensure the best user experience in chat sessions with a Pega Intelligent Virtual Assistant™ (IVA), customer service representatives (CSRs) can now step in and take control of a chat session multiple times, when the chatbot is not capable of correctly answering the user. After the user problem is resolved, the CSR can seamlessly switch control of the chat session back to the chatbot.

Unified Messaging Desktop integration with Pega Platform

Valid from Pega Version 8.4

You can now use the Pega Unified Messaging Desktop™ customer service solution with a Pega Platform™ application so that customer service representatives (CSRs) and other users, such as managers, can respond to user requests more quickly and in a more consistent manner. With integrated Pega Unified Messaging Desktop, CSRs can escalate user requests from Pega Intelligent Virtual Assistants™ (IVAs) by using case processing and artificial intelligence alongside Pega Customer Service™

For more information, see Develop a single IVA channel to chat across different messaging platforms.

Custom application URL alias in the application definition

Valid from Pega Version 8.4

Create application URL aliases that support your ability to launch multiple Pega applications simultaneously in a single browser. This feature makes it easier for clients and your customers to log into multiple applications using the same browser and access them simultaneously. You configure your application URL alias in the application definition. For details, see Adding an application URL alias.

For more information, see Simplify access with an Application URL alias (8.4)

Upgrade impact

After an upgrade to Pega Platform™ 8.4 and later, review to determine if and how you must update your application rules to reflect the current URL aliasing format. As part of these application rule updates, Pega also updated the URL format and value components of the clipboard property, pxRequestor.pxReqServletNameReal, which you can use to discover a servlet name. If your application uses this property to discover a servlet name, update the pxRequestor.pxReqServlet property in the application rule to use the new, required URL and value formats.

For details steps, see the section, Upgrading from Pega 8.3 or earlier: Guidelines for any required changes in your application URL aliasing, in the appropriate Pega Platform Upgrade Guide available at Deploy Pega Platform

What steps should the customer take to update their application?

After upgrading, you must update your JMeter test scripts. For detailed steps, see Updating JMeter test scripts after migrating to Pega 8.4.

Expanded checks for Java injection vulnerabilities (8.4)

Valid from Pega Version 8.4

The Java injection vulnerability check feature has been enhanced in Pega Platform™ to further prevent Java injection, including Edit validate, Edit input, and JSP rules. Pega Platform reports errors at design time and run time, and does not run any rule that includes any of the following Java code:

  • JavaCompiler
  • new ProcessBuilder()
  • org.dita.dost.invoker
  • Runtime.getRuntime()

For more information, see Configuring the Java injection check.

Updated default dynamic system setting for requestor pools

Valid from Pega Version 8.4

Clients can now enable or disable requestor pools for processing service requests using a new dynamic system setting called EnableRequestorPools with Pega-IntegrationEngine as the owning rulest. Previously, all deployments utilized requestor pools to improve service processing response efficiency; requestor pools eliminated overhead by automatically returning a requestor to the pool after it fulfills a service request. Starting in Pega Platform 8.4, requestor pools are disabled in Client-managed cloud deployments, since these deployments use autoscaling to handle service request traffic. Enabling requestor pools in Kubernetes environments is not recommended, because they can inhibit the default autoscaling settings in the environment.

Requestor pools remain enabled by default in Pega Cloud and on-premises environments.

To help clients navigate this change, Pega has updated its best practice guidance for configuring requestor pools. For an overview, see Requestor pooling for services. For guidance on the use of requestor pools in your application, see the EnableRequestorPools entry in Dynamic system settings data instances.

Upgrade impact

Requestor pools are disabled by default in Pega Platform 8.4 in client-managed cloud deployments. Clients who deployed previous versions of Pega Platform on a Kubernetes environment and who upgrade to Pega Platform 8.4 could see that their services behave differently.

What steps are required to update the application to be compatible with this change?

If clients that are deployed in a Client-managed cloud environment need to configure their services to use requestor pools and they understand how to configure requestor pools for their optimized use, these clients can re-enable requestor pools. Clients should review the best practice for configuring requestor pools before they re-enable requestor pools. To re-enable requestor pools, you modify the EnableRequestorPools setting in the Pega-IntegrationEngine Owning ruleset from “disabled” to Enabled [no value]. For details, see Editing a dynamic system setting.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us