Published Release Notes

Use Page-Change-Class method to change a Page class

With the release of Pega Platform™ 8.3, using the Property-Set method to change the Page class shows a guardrail warning. Use the Page-Change-Class method to change the Page class instead.

For more information about the Page-Change-Class method, see Changing the class of a page and Page-Change-Class method.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

CyberArk password vault support added for Pega database

With the CyberArk password vault, you can store your systems' passwords in a secure, central location and retrieve them from that location instead of directly entering credentials into the systems. This support is available only for IBM WebSphere environments.

For more information, see Pega Platform deployment guides.

Support added for multiple mashups

You can now include multiple mashups on a single webpage or browser, even if the mashups have different application and authentication requirements. Use mashups to embed a Pega Platform™ application as a gadget on your website. For example, you can embed Web Chatbot and Self-Service Advisor on the same website.

For more information about mashups, see Configuring the Mashup channel.

Changes to URL format for Pega Web Mashup

The format of Pega Web Mashup URLs now supports multiple mashups on a single web page. The new URL format prevents a mashup from sharing cookies with another mashup.

If you want to include multiple mashups on a single web page and one of the mashups was created before 8.3, you must regenerate the mashup to reflect the new URL format.

For more information, see <link to help topic>.

Change tracking tab removed from declare expressions

To simplify the configuration of a declare expression, the Change tracking tab has been removed from the declare expression rule form. To use the Change tracking tab, on the declare expression rule form, click Actions > Use legacy expression.

For more information, see Supported and unsupported configurations in simplified declare expressions.

Upgrade impact

The declare expression rules have been moved from the pr4_rule table to the new pr4_rule_declare_expression table.

The upgrade can fail if you customize the pr4_rule table, such as increasing the length of an existing column.

After a successful upgrade, the declare expression rule form is simplified and lightweight pages support declare expressions.

What steps are required to update the application to be compatible with this change?

Read-only data pages by default are lightweight. You could also enable lightweight pages for:

• Editable data pages by selecting the Enable option in the editable data page rule form.
• For all pages in a REST service by using the Lightweight clipboard mode in the Service REST form in the Rest API service.

Only simplified declare expressions are supported in lightweight pages. In simplified declare expressions, context-bound rules are not supported. However, a page context could be specified on the New or Save As form of declare expressions. For more information, see Declare Expression rules - Completing the New or Save As form.

Redirectguests mashup configuration has been removed

The authentication/redirectguests server configuration and data-pega-redirectguests attribute have been removed and are no longer required when you configure a mashup. This prevents you from needing to maintain multiple nodes to support some use cases that require the configuration value to be true and other uses cases that require the configuration value to be false.

For more information, see Configuring the Mashup channel.

MBeans deprecated in favor of Pega API

The use of MBeans for cluster management has been deprecated, although MBeans will continue to function for legacy deployments. The recommended best practice for automating system management is to use the Pega API. For more information, see Pega API.

Support for the JSON Web Token Bearer grant type for accessing external APIs

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.