Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Automate business process tracking by importing Excel files

Valid from Pega Version 8.5

To track business processes status and data, you can now import Excel files when you create a case or data object in App Studio. This functionality provides the following enhancements:

  • You can now upload a CSV file when you create a case or data object in App Studio. By importing a CSV file, you can use the data in your spreadsheet to define your data model.
  • You can generate a data import template that you can use to import a file in its original format during production.
  • You can upload .xlsx files to avoid resaving your Excel file as a CSV file.

For more information, see Creating a data model from a spreadsheet.

Data APIs support data exploration in React UI tables

Valid from Pega Version 8.5

Data APIs have been enhanced to support filtering, sorting, paging, and aggregation in React UI tables. You can use that functionality to access your data quickly and intuitively. For example, by using paging, you can query a data page to retrieve the second page of an employee contact list and specify the number of results that are displayed on the page.

For more information, see Data API performance and limitations.

Support for application-specific REST API calls

Valid from Pega Version 8.5

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Savable data pages support loading pages individually from a page list

Valid from Pega Version 8.5

You can now load individual pages in a page list from single object data pages to your case and data types. This functionality allows you to save autopopulated properties with the Load each page individually option using a flow action, save data page smart shape, or the activity method.

For more information, see Saving data in a data page as part of a flow.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Valid from Pega Version 8.5

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

  • Valid tokens have the “active”:true status
  • Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

 

For more information, see OAuth 2.0 Management Services.

Enhanced refresh token strategy

Valid from Pega Version 8.5

You now have more precise control over your refresh token expiration strategy. When a refresh token is enabled, you can choose to set its initial expiration based on the value provided by the IDP. The refresh token expiry can be derived from IDP’s session timeout when SSO is used with external IDP for user authentication in the authorization code grant flow. You can also specify a separate refresh token expiration strategy based on your use-case. 

These can be configured in the OAuth2 Client registration rule form.

For more information, see Enhanced refresh token strategy.

Enhancements to token lifetime limits

Valid from Pega Version 8.5

Pega Platform™ uses OAuth 2.0 authorization codes, access tokens, and refresh tokens to provide flexible token-based security for applications. Expiration settings for these codes and tokens now adhere to certain strict value range based on industry leading practices. For example, the lifetime specified for the authorization code must be in the range 1-600 seconds.

These can be configured in the OAuth2 Client registration rule form.

For more information, see OAuth 2.0 Management Services.

Word merge support with Microsoft Silverlight plug-in

Valid from Pega Version 7.1.3

PRPC features that integrate with the Word merge capability are now cross-browser. ActiveX controls (which are only compatible with IE) have been replaced with Microsoft Silverlight. This plug-in must be downloaded separately from Microsoft, as it is not shipped with PRPC.

Some common PRPC features affected by this change include the Application Document Wizard, App Profile, Specifications Landing Page, Specification form, and Case Type Landing Page.

Prior to using these features, Users of PRPC 7.1.3 need to set up their client system(s) as follows:

1. Install Silverlight plug-in

Follow the PRPC prompt to install Silverlight when you attempt to use the Word merge feature:

Silverlight1.jpg

Or download package directly: www.microsoft.com/silverlight/

2. Install PRPC prerequisites

Microsoft Internet Explorer (IE) browsers automatically detect the need for PRPC prerequisites and will prompt for install:

Silverlight2.jpg

Non-IE browsers will load a pop-up window when the user attempts to use the Word merge feature.  Use the link to manually download PRPC prerequisites:

Silverlight3.jpg

Extract the .zip file, execute setup.exe and follow the install wizard:

Silverlight4.jpg

Administrators setting up multiple clients at once may refer to the pzSLpreReqs.cab available in the PRPC 7.1.3 resource kit.

3. Restart browser

Log out of PRPC, close all open sessions and restart your browser.

The PRPC feature integrated with Word merge is now ready for use; Silverlight prompts are no longer displayed.

4. Troubleshooting

Silverlight installation requires access to your file system and a registry setting update to “trust” the associated Verisign certificate.  Contact your administrator if you encounter any security or permission errors during this process.

While Silverlight is cross-browser, it is not fully cross-platform.  Mac users may use Word merge features in Chrome via Parallels.

See the PRPC Developer Help for more information on browser setup requirements.

Enabling security policies now requires current password

Valid from Pega Version 7.1.3

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Data Management

Valid from Pega Version 7.1.3

Improvements to data handling were made for the Data Pages, autopopulate properties, and reference properties.  Lightweight lists were optimized.

  • Property references are now maintained on the Work Page.
  • PageList properties can reference a Data Page.
  • Auto-populate properties can be used in a seciton to show results from a Data Page.
  • Data Pages can run in “Page” mode as well as “List” mode
  • The "Rules Not Using Lightweight List" report was enhanced.
  • A PageList property that references a Data Page may be used to populate a grid.
  • Related autopopulated properties can now be referenced.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us