Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Support for the JSON Web Token Bearer grant type for accessing external APIs

Valid from Pega Version 8.4

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Custom application URL alias in the application definition

Valid from Pega Version 8.4

Create application URL aliases that support your ability to launch multiple Pega applications simultaneously in a single browser. This feature makes it easier for clients and your customers to log into multiple applications using the same browser and access them simultaneously. You configure your application URL alias in the application definition. For details, see Adding an application URL alias.

For more information, see Simplify access with an Application URL alias (8.4)

Upgrade impact

After an upgrade to Pega Platform™ 8.4 and later, review to determine if and how you must update your application rules to reflect the current URL aliasing format. As part of these application rule updates, Pega also updated the URL format and value components of the clipboard property, pxRequestor.pxReqServletNameReal, which you can use to discover a servlet name. If your application uses this property to discover a servlet name, update the pxRequestor.pxReqServlet property in the application rule to use the new, required URL and value formats.

For details steps, see the section, Upgrading from Pega 8.3 or earlier: Guidelines for any required changes in your application URL aliasing, in the appropriate Pega Platform Upgrade Guide available at Deploy Pega Platform

What steps should the customer take to update their application?

After upgrading, you must update your JMeter test scripts. For detailed steps, see Updating JMeter test scripts after migrating to Pega 8.4.

New JWT access token format: Authorized Access Token

Valid from Pega Version 8.5

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

  • The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
  • A single token can be used with multiple applications.
  • The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
  • As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Improving basic access control

Valid from Pega Version 8.5

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.

Updated Word merge support with Microsoft Silverlight plug-in

Valid from Pega Version 7.1.3

Starting in this release, Pega 7 features that integrate with the Word merge capability are now cross-browser. ActiveX controls (which are only compatible with Internet Explorer) have been replaced with Microsoft Silverlight. This plug-in must be downloaded separately from Microsoft because it is not shipped with Pega 7.

Common features that are affected by this change include the Specification form and Case Type landing page.

Prior to using these features, see the release note Word merge support with Microsoft Silverlight plug-in for more information about setting up their client systems.

Upgrade utility for Get Next Work performance

Valid from Pega Version 7.2.2

You can run a utility to upgrade Get Next Work processing to more quickly process assignments that were created in versions of the Pega 7 Platform earlier than 7.2.2. Performance is automatically improved on new installations.

For more information, see Upgrading Get Next Work performance.

pxFeed replaces pxContextFeed and pxActivityFeed Pulse gadgets

Valid from Pega Version 7.4

The pxContextFeed and pxActivityFeed gadgets have been replaced by the pxFeed gadget to integrate the functionalities of viewing and posting messages in the Pulse activity feed. You can include this gadget within a section or harness across your application, for example, in the dashboard of the Case Manager portal, to display the activity feed. You must add the latest UI Kit ruleset to ensure that your application uses the pxFeed gadget instead of the pxContextFeed and pxActivityFeed gadgets to generate the activity feed.

For more information, see Pulse gadget and custom APIs.

Survey rules are deprecated

Valid from Pega Version 7.4

Surveys that were created prior to version 7.4 of Pega Platform are now deprecated. As a best practice, recreate your survey by using the Survey Management landing page, and then reuse questions or question pages from your survey library.

For more information about creating surveys, see Improved survey authoring.

Questionnaire shape replaces Survey shape in legacy flows

Valid from Pega Version 7.4

In flows that reference deprecated surveys, the Questionnaire shape has replaced the Survey shape. Although legacy surveys continue to function in this release, update your flows to use the Survey shape because it provides the latest survey capabilities, and deprecated features are not supported.

For more information about the new survey authoring experience, see Improved survey authoring.

New privilege required to access the Search landing page

Valid from Pega Version 7.4

After upgrading to Pega® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.

For more information about assigning privileges to roles, see User privilege authorization. (Link to: basics/v6portal/landingpages/accessmanager/customizeprivilegestab.htm)

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us