Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Required Oracle optimization parameter

To optimize performance, set the Oracle parameter optimizer_index_cost_adj to a value between 20 and 25. If this value is not set, the system can run exceedingly slowly, potentially blocking users from login.

Split schema upgrade instructions missing properties

If you upgraded from 5.x, 6.x, or 7.x using the instructions in previous versions of the upgrade guide, you may have neglected to set the properties below in your migrateSystem.properties file when you migrated your upgraded schema to the source system:

pega.rules.objects.generate=true

pega.rules.objects.apply=true

If these properties were not set during an upgrade that splits the schema, your environment does not have the indexes, triggers, and primary keys on the rules tables.

To check for this issue, see if the pr4_base and pr4_rule rules tables in your existing rules schema are missing primary keys. If they are, use the SQL scripts in the ResourceKit\MigrationRecoveryScripts directory of the release to cleanup duplicate rules that were created due to this issue. Follow the steps below to run the scripts.

To run the scripts on Microsoft SQL, Oracle, or PostgreSLQ

1. Take down any app servers using the affected schema.
2. Backup your database.
3. Replace all instances of @RULES_SCHEMA in <database>_cleanDups.sql with the name of the schema that contains the pr4_base table.
4. Run the <database>_cleanDups.sql script on the database with vendor tools (sqlPlus, SQL Server Management Studio, etc).
5. Replace all instances of @RULES_SCHEMA in <database>_fix_vw_table.sql with the name of the schema that contains the pr4_base table.
6. Run the <database>_fix_vw_table.sql script on the database with vendor tools (sqlPlus, SQL Server Management Studio, etc).
7. Generate and apply the ddl using the command line generateDDL command. Check the installation guide for your database or the upgrade guide for details about how to use the generateDDL command line script.
8. Rebuild the indexes for the tables in your rules schema using vendor tools. This is necessary so that your system runs at an optimum speed.
9. Optionally upgrade to the latest release, at this point your database is ready to be upgraded or used depending on your needs.

To run the scripts on DB2 for LUW or z/OS

1. Take down any app servers using the affected schema.
2. Backup your database.
3. Run the <database>_cleanDups.sql script on the database with vendor tools (UDB CLP, Data Studio, etc) to create the CLEANSE_RULES_DUPS stored procedure.
4. Run the query Call CLEANSE_RULES_DUPS(‘<rulesSchema>’); where <rulesSchema> is the name of schema that contains the pr4_base table.
5. After the previous step is complete drop the CLEANSE_RULES_DUPS procedure.
6. Replace all instances of @RULES_SCHEMA in <database>_fix_vw_table.sql with the name of the schema that contains the pr4_base table.
7. Run the <database>_fix_vw_table.sql script on the database with vendor tools (UDB CLP, Data Studio, etc).
8. Generate and apply the ddl using the command line generateDDL command. Check the installation guide for your database or the upgrade guide for details about how to use the generateDDL command line script.
9. Rebuild the indexes for the tables in your rules schema using vendor tools. This is necessary so that your system runs at an optimum speed.
10. Optionally upgrade to the latest release. At this point your database is ready to be upgraded or used depending on your needs.

Synchronized database and application server settings

Configure your database and application server to use the same time zone and character encoding to avoid conflicts.

System Management

The PRPC installer has been enhanced to handle additional error conditions related to partial installs and duplicate keys; additionally, the hotfix rollback feature has been improved, and the Rulebase compare tool now supports HTTP(S) environments.

• Rollback feature has been enhanced.
• RuleBase Compare will work for secure (HTTPS) environments as well as  non-secure (HTTP) environments.
• Install will gracefully handle the presence of a duplicate key during import.
• When install fails, system will set tables back to original state.
• Remote MBean methods will now work on multi-servant load-balancing systems.
• Enhancements were made to harnesses in Split Schema systems.

Addition of Data Access Tab to access control policy condition rules

You can now select associations and declarative index classes when creating access control policy condition rules. The Column source field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new Data Access tab. 

Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.

The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model. 

For more information, see Creating an access control policy condition.

Addition of Servlet Management

Pega Platform™ now has Servlet Management in Pega Cloud® Services, which provides a simple and secure way to make changes to Pega Platform servlet definitions.

Servlet Management provides Pega Cloud Service clients with solutions to manage servlet configurations with self-service options. This reduces the cycle time for delivering configuration changes in Pega Cloud Service installations while also improving upgrade reliability. 

For more information, see Servlet management.

Upgrade impact

Clients with no application servlet customizations will not experience an impact. If you upgrade from Pega Platform version 8.5 or earlier and, prior to the upgrade, the Pega Cloud team provided your application servlet customizations, then following the upgrade, you must manually add, remove, or modify your servlet customizations in your upgraded application using this servlet management landing page in Pega Platform.

What steps are required to update the application to be compatible with this change?

To manually move your pre-upgrade servlet customizations as appropriate or add new ones to your upgraded application using the new servlet management landing page, follow the steps in Adding a servlet.

Cosmos React-UI supports custom authentication

Pega Platform™ now supports custom authentication in applications that use Cosmos React-UI. Depending on the needs of your users and the functionality of your application, you might need to write custom authentication schemes to meet specific requirements. 

Clients that use custom authentication in their applications can now take advantage of the Cosmos React-UI.

For more information, see Securing Cosmos React-UI applications.

Integration and security tab now divided into two tabs

The Integration and Security tab is now two separate tabs on the Application Definition form: Integration and Security. While the content of these two tabs are related, they function more effectively as separate tabs. The Security tab now includes the Authentication section, so you can add existing authentication services to your Application Definition to more effectively manage the security of your application. 

For more information, see Security tab of the Application Definition.

Improved security after hiding SQL values

In Pega Platform™ version 8.6, the default value of the showSQLInList dynamic system setting changes to FALSE, which suppresses the visibility of the SQL values in the Clipboard tool. With this setting disabled, when you run a report definition the clipboard does not display sensitive values in the pxSQLStatementPre and pxSQLStatementPost properties, which makes your system less vulnerable. If you want to display the values, in the .prconfig file, set the prconfig/security/showSQLInListPage/default to TRUE.