Published Release Notes

The Scratch Pad tool is no longer available

The Scratch Pad tool is no longer available. To add properties to a report from an end user portal, use the Data Explorer. The Data Explorer provides an efficient way to find a property or calculation to include as a column in a report.

For more information, see Data Explorer.

Integrated Application Security Checklist helps you deploy a secure application

Pega^® Platform now provides an Application Security Checklist that you can refer to when you prepare your application for deployment. By completing the recommended tasks in this checklist, you can track your progress, access instructional information for tasks, and verify that your configurations are secure.

For more information, see Preparing your application for secure deployment, Compliance Score tab, Designer Studio — Home page.

Encrypt sensitive case data by using a secure default Pega Platform cipher and AWS KMS keys

You can encrypt sensitive data within your application without having to write custom cipher classes. You can configure encryption on the Data Encryption landing page by using your own keys managed in your private Amazon Web Services Key Management Service (AWS KMS) instance. Pega^® Platform encryption uses keys that are stored in AWS KMS to support both time-based and on-demand key rotation. Technical issues can arise in some cases, for example, if a key is deleted from AWS KMS.

For more information, see Potential problems with keystores when using AWS KMS, Configuring a Platform cipher, Types of ciphers.

REST services support password credentials and JWT Bearer grant types

Pega^® Platform REST services now support password credentials and the JWT (JSON Web Token) Bearer grant type when you enable OAuth 2.0-based authentication. By using password credentials, you can quickly migrate clients from direct authentication schemes, provide additional flexibility when other grants are not available, and integrate your application with REST services in other applications. You can add compatibility with modern JWT-based cloud security IDPs by using the JWT Bearer grant type.

For more information, see About OAuth 2.0 Provider data instances, OAuth 2.0 Client Registration data instances - Completing the Client Information tab, Creating an Identity Mapping data instance.

Custom scaling on x-axis for bubble charts

Bubble charts now support custom scaling for the x-axis as well as the y-axis. For example, you can now configure a fixed range for the x-axis.

For information about including a chart in a report, see Adding or editing charts from the Report Definition rule form.

Enable users to save charts as .png files

You can now enable users to save a report chart as a .png file. On the Chart tab of the Report Definition rule form, click General settings and select the Export chart to image check box. When you select this option, users are provided with the Save as image option, which they can use to save an image of the chart to include in a Word document or email.

For information about including a chart in a report, see Adding or editing charts from the Report Definition rule form.

Enhancements to exporting reports to Excel

When you export report results to Microsoft Excel, the process now creates a Data sheet and an Info sheet in the Excel file. By default, the Info sheet contains the report title, filters used to generate the report, the date when the report was generated, and the number of results returned.

If you want the report title and filters to display in the first sheet instead of the Info sheet, you can disable the default functionality. For more information, see Disabling the creation of an Info sheet in Excel output.

Behavior changes when reporting on descendant classes

Report Definitions that use the Report on descendant class instances option with the Include all descendant classes option apply only to the Applies to Class. Join classes are not included as they were in previous Pega^® Platform versions. The following example shows what happens for each possible scenario for Report on descendant class instances when the report is defined on ClassA with a class join with Work-.

• If Report on descendant class instances is disabled, the report runs against ClassA and the join happens with Work-. The behavior is the same in Pega 7.3.1 as it is in previous Pega Platform versions.
• If Report on descendant class instances is enabled, and Include single implementation class is selected, the report runs against ClassA and the join happens with the MySampleClass implementation class. The behavior is the same in Pega 7.3.1 as it is in previous Pega Platform versions.
• If Report on descendant class instances is enabled, and Include all descendant classes is selected, the report runs against ClassA and its descendants and the join happens with Work-. In previous Pega Platform versions, the join happened with the MySampleClass implementation class.

Support for the JSON Web Token Bearer grant type for accessing external APIs

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Sign and encrypt signatures and content with additional algorithms

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.