
Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Add the security checklist to applications created before 7.3.1

Valid from Pega Version 7.3.1

The security checklist is now automatically added to applications. You can manually add the security checklist to applications that were created in earlier versions.

You can improve the security of your application by completing the tasks on the checklist.

To manually add the security checklist to an application that was created before 7.3.1, complete the following steps in Designer Studio:

  1. In the header of Designer Studio, click the name of the application, and then click Definition.
  2. Click the Documentation tab.
  3. In the Application guides section, click Add guide.
  4. In the Application guide field, enter pxApplicationSecurityChecklist.
  5. Click the Configure icon in the Available in column and select the portals (App Studio and Dev Studio) that you want to add the security checklist to.
  6. Click Save.

Consistent search experience in App Studio

Valid from Pega Version 8.5

Pega Platform™ now supports a unified search mechanism in App Studio. Instead of manually locating a single item, such as a case type, a channel, or a data object, you can simply use the Search option in the navigation pane. You can also use Search in case types and personas landing pages, to conveniently access the information that you need, for example channels and case types associated with a persona.  

For more information, see Plan your Microjourneys more conveniently in an improved Case Designer (8.5), Creating a Microjourney for customer success.

Automated project estimation in App Studio

Valid from Pega Version 8.5

App Studio now supports estimating projects in an intuitive and automated way, so that you can plan your work with greater efficiency and accuracy. Estimations include the number of hours that you will need to deliver an application, based on multiple factors such as the delivery methodology, the number and complexity of features to implement, and the number of teams involved. After you provide the required data, the project estimator calculates the expected duration of application development. To share your project estimates outside Pega Platform™, for example with your stakeholders, you can also export estimates to an .xlsx file.

For more information, see Estimate projects automatically in App Studio (8.5), Estimating application development.

Enhanced application inventory to support features

Valid from Pega Version 8.5

Now the application inventory in App Studio also includes features that represent elements of your application to implement, such as language packs, along with personas and data objects. The inventory provides the option to add new features or reuse existing features from built-on applications. With the enhanced inventory, application development planning and tracking is faster and more intuitive because you can now easily check the features that your development team needs to implement. For greater clarity, the inventory supports different methods of grouping features, for example, by release or complexity.     

For more information, see Managing application inventory.

Enhanced Case Designer in App Studio

Valid from Pega Version 8.5

For greater clarity when visualizing your business processes, App Studio now has an improved Case Designer. In Pega Platform™ 8.5, every persona displays a list of associated channels, and every data object lists associated systems, instead of showing multiple entities for different channels or systems. Additionally, for better distinction every channel and system displays a unique icon. To fully convey your business process using just one screen, Case Designer now also supports visualizing attachments required for your microjourney, as well as creating draft associations between personas and channels.

For more information, see Plan your Microjourneys more conveniently in an improved Case Designer (8.5), Creating a Microjourney for customer success.

Searching for Pulse messages available in spaces

Valid from Pega Version 8.5

Pega Platform™ now supports searching for Pulse messages within a space. For greater accuracy of the results, you can search by applying different filters, such as keywords, message authors, and a time range for posting of the messages. The results return private and public posts, comments, and attachments that match the search filters. When the result is a comment, Pulse displays the whole message thread for full context.

For more information, see Search for Pulse messages in spaces (8.5), Searching for Pulse messages in spaces.

Automatic draft off mode for processes in case types

Valid from Pega Version 8.5

App Studio now supports automatically turning off the draft mode for processes in your case types. Any process that you add to a case type is in draft mode by default so that you can run the case type to check the run-time behavior even if the process contains errors. However, in a production environment, processes in draft mode do not work. To save time and deliver your projects faster, any process that has no errors now automatically switches off draft mode when you save the case type. Additionally, Case Designer now displays a list of errors that processes in your case type include, so that you can quickly locate any issues.

For more information, see Save time and effort with automatic draft off mode for processes in case types (8.5), Draft mode of case processes.

New JWT access token format: Authorized Access Token

Valid from Pega Version 8.5

Pega Platform™ is changing from using opaque tokens to using JSON Web Tokens (JWT), in a JWT access token format called the Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

  • The JWT is a self-contained token that carries authentication information, expiration time information, and other user-defined claims, all digitally signed.
  • A single token can be used with multiple applications.
  • The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
  • As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Valid from Pega Version 8.5

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides information about the status of access tokens and refresh tokens. Use token introspection to check whether a given token is still active. The status in the response indicates whether the access token or refresh token is valid or invalid:

  • Valid tokens have the "active": true status.
  • Invalid tokens have the "active": false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web Tokens (JWT). If another system uses this JWT, that system needs the public key for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.
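The local verification described under the JWT benefits above, combined with the keys endpoint and the deny list, can be sketched as follows. This is an added example, not Pega code: it assumes RS256 signatures, a `kid` header, and a `jti` claim as the deny-list identifier, and the names `verify_token`, `make_token` and `JWKS` are hypothetical. The key and tokens are constructed so that the sample runs offline.

```python
import base64, hashlib, json, time

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(msg, k):
    # 0x00 0x01 FF..FF 0x00 || DER DigestInfo(SHA-256) || hash  (RFC 8017, 9.2)
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_token(token, jwks, denied_jti, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u_dec(h64)), json.loads(b64u_dec(p64))
        sig = b64u_dec(s64)
    except ValueError:
        raise ValueError("malformed")
    if header.get("alg") != "RS256":  # pin the algorithm; never let the token choose
        raise ValueError("alg")
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if key is None or key.get("kty") != "RSA":
        raise ValueError("kid")
    n, e = (int.from_bytes(b64u_dec(key[f]), "big") for f in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    expected = emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)
    if len(sig) != k or s >= n or pow(s, e, n).to_bytes(k, "big") != expected:
        raise ValueError("signature")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("jti") in denied_jti:  # revocation is invisible to a signature check
        raise ValueError("denied")
    return claims

# Constructed demo key from two Mersenne primes: NOT secure, only for this offline sample.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
enc_int = lambda i: b64u_enc(i.to_bytes((i.bit_length() + 7) // 8, "big"))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": enc_int(N), "e": enc_int(E)}]}

def make_token(claims):  # signs a constructed sample token with the demo key
    body = ".".join(b64u_enc(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": "demo-1"}, claims))
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(body.encode(), k), "big")
    return body + "." + b64u_enc(pow(m, D, N).to_bytes(k, "big"))
```

A token that passes the signature and expiry checks is still rejected once its identifier is on the deny list, which is why a consumer that verifies locally also needs the denied-token list or the introspection result.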

 

For more information, see OAuth 2.0 Management Services.

Enhanced refresh token strategy

Valid from Pega Version 8.5

You now have more precise control over your refresh token expiration strategy. When a refresh token is enabled, you can choose to set its initial expiration based on the value provided by the IDP. The refresh token expiry can be derived from the IDP’s session timeout when SSO is used with an external IDP for user authentication in the authorization code grant flow. You can also specify a separate refresh token expiration strategy based on your use case.

You can configure these settings in the OAuth2 Client registration rule form.

For more information, see Enhanced refresh token strategy.
