
What's new in security 8.7

Updated on February 24, 2022

You can now find an Authentication section on the new Security tab, from which you can configure authentication services mapping in your application from the Application Definition form. Previously, the Application Definition form had an Integration and Security tab. Now, there are two separate tabs: Integration and Security.

Filter management for more streamlined user-managed Java-based filters support

Pega Cloud users can manage their URL filters by configuring Tomcat Java-based filter parameters directly in Dev Studio. You can use this feature to securely filter traffic from your application URL without needing to create service requests to manage filter parameters. After you complete your filter configurations and restart your environment cluster, your application saves them for use in your Pega Cloud environment. For more information, see Filter management.

For existing users who previously set up URL filtering using a service request, following an update to Pega Platform 8.7, your application automatically migrates your existing URL filters to your updated environments.

Email notification for expiring and expired certificates in the platform truststore to prevent system access or integration failures

You can now configure the Pega Platform to send email notifications for expiring and expired certificates that the platform truststore manages. After email notifications are configured, specified users receive information about expiring certificates to avoid losing access to the platform and to prevent any integrations from failing to function.

For more information, see Expiring certificate notifications.

Enhanced refresh token support for more secure OAuth 2.0 public clients

When configuring an OAuth 2.0 client registration, you can now select Enable Refresh Token for public clients to receive a refresh token along with an access token from the token endpoint. The public client uses the refresh token to obtain a new access token after the previous access token expires. The Pega Platform rotates the refresh token each time it issues a new access token, which provides an extra layer of security. In addition, you can now designate how long an access token can remain idle before it times out.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Nonce option for greater protection against cross-site scripting attacks now available in the content security policy for Constellation applications

You can now add a nonce value and a time stamp to the Script-Src directive in the Content Security Policy. This option makes JavaScript usage more secure by allowing the system to run inline scripts only if the server tags them with a unique nonce value each time it transmits a policy. Requiring a nonce value prevents an attacker from injecting a script into a web page, as the attacker must predict the correct nonce value.

For more information, see Content security policies.
