Published Release Notes

DB2-LUW database logfile size increase

To avoid running out of logfile space due to large transaction sets during the rule base load of a Pega 7.1.x install, upgrade, or maintenance level update, systems supported by a DB2-LUW database platform should increase the LOGFILSIZ parameter to at least 4096 pages from the default size of 1000 pages.

After the size has been increased, restart the database to ensure that the new setting is loaded into the database correctly.

Need to run script before updating Multitenant systems

When updating or upgrading a Multitenant system from Pega 7.1.5 or 7.1.6 to Pega 7.1.7, if that system uses either an Oracle or a PostgreSQL database, you may encounter the error:

“Table must be empty to add column.”

The Multitenant architecture requires an additional column on a number of the PRPC database tables (“pzTenantID”). In Pega 7.1.7, two additional PRPC tables were tenant-qualified: pc_schedule_task and pr_index_schedule_task. The Multitenant column is added to these tables by the update/upgrade process. However, Oracle and PostgreSQL do not allow the addition of a non-null column to an existing table unless the table is empty, so updating or upgrading systems on those databases displays the error detailed above.

To avoid this error, before beginning the update or upgrade, it is necessary to run a script:

• Oracle — OracleMTupgrade.sql
• PostgreSQL — PostgresMTupgrade.sql

For updates, these scripts are located in the /scripts/ddl directory.

For upgrades, these scripts are located in the /Resourcekit/AdditionalUpgradeScripts directory.

New JWT access token format: Authorized Access Token

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

• The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
• A single token can be used with multiple applications.
• The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
• As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Improving basic access control

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.