Published Release Notes

Support for OAuth 2.0 authorization code grant type

Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

REST APIs added for management of agents and requestors

You can use new REST APIs to download a module version report or manage requestors and agents in Pega Platform™. For example, you can use a requestor REST API to end a requestor process, and you can use an agent REST API to start or stop an agent. These APIs allow external systems to report and manage Pega resources.

For more information, see Pega API for Pega Platform and Pega API.

Use Page-Change-Class method to change a Page class

With the release of Pega Platform™ 8.3, using the Property-Set method to change the Page class shows a guardrail warning. Use the Page-Change-Class method to change the Page class instead.

For more information about the Page-Change-Class method, see Changing the class of a page and Page-Change-Class method.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

CyberArk password vault support added for Pega database

With the CyberArk password vault, you can store your systems' passwords in a secure, central location and retrieve them from that location instead of directly entering credentials into the systems. This support is available only for IBM WebSphere environments.

For more information, see Pega Platform deployment guides.

Support added for multiple mashups

You can now include multiple mashups on a single webpage or browser, even if the mashups have different application and authentication requirements. Use mashups to embed a Pega Platform™ application as a gadget on your website. For example, you can embed Web Chatbot and Self-Service Advisor on the same website.

For more information about mashups, see Configuring the Mashup channel.

Changes to URL format for Pega Web Mashup

The format of Pega Web Mashup URLs now supports multiple mashups on a single web page. The new URL format prevents a mashup from sharing cookies with another mashup.

If you want to include multiple mashups on a single web page and one of the mashups was created before 8.3, you must regenerate the mashup to reflect the new URL format.

For more information, see <link to help topic>.

Change tracking tab removed from declare expressions

To simplify the configuration of a declare expression, the Change tracking tab has been removed from the declare expression rule form. To use the Change tracking tab, on the declare expression rule form, click Actions > Use legacy expression.

For more information, see Supported and unsupported configurations in simplified declare expressions.

Upgrade impact

The declare expression rules have been moved from the pr4_rule table to the new pr4_rule_declare_expression table.

The upgrade can fail if you customize the pr4_rule table, such as increasing the length of an existing column.

After a successful upgrade, the declare expression rule form is simplified and lightweight pages support declare expressions.

What steps are required to update the application to be compatible with this change?

Read-only data pages by default are lightweight. You could also enable lightweight pages for:

• Editable data pages by selecting the Enable option in the editable data page rule form.
• For all pages in a REST service by using the Lightweight clipboard mode in the Service REST form in the Rest API service.

Only simplified declare expressions are supported in lightweight pages. In simplified declare expressions, context-bound rules are not supported. However, a page context could be specified on the New or Save As form of declare expressions. For more information, see Declare Expression rules - Completing the New or Save As form.