Published Release Notes

Enhanced Wait shape

Pega Platform™ now supports the enhanced Wait shape that configures the case to wait for the resolution of all child cases instead of only the child cases of a specific type. When you set up the Wait shape to stop a case until it reaches a certain status, you can decide whether the shape considers statuses from a whole case life cycle, or only the statuses after the wait begins. The enhanced Wait shape provides you with greater control over resolution of your cases. 

For more information, see Pausing and resuming processes in cases in Dev Studio, Pausing and resuming processes in cases in App Studio.

Support for the JSON Web Token Bearer grant type for accessing external APIs

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Sign and encrypt signatures and content with additional algorithms

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.

Case tags for improved case search

Pega Platform™ now supports enhanced tagging for case types so that you can search cases by tags. As a result, tagging is more consistent because you can define a set of suggested tags that users can add to their posts and cases. When users search for cases, they can apply several filters, for example, recently added or most frequently used tags.

For more information about tags, see Tagging cases in Dev Studio, Tagging cases in App Studio.

Case notification enhancements

Pega Platform™ now supports creating case notifications directly in Case Designer in App Studio and Dev Studio, so that you do not need to create a notification rule first and then provide the rule name in a case. You can speed up and simplify case creation by specifying recipients for each notification, without the need to create a data page for the recipients. Push notifications and email subjects can now also include properties, for example, a case ID or a goal and deadline.

For more information, see Sending event notifications from cases in Dev Studio, Sending event notifications from cases in App Studio.

Improved and simplified field-level auditing

To track the progress of your work and maintain the compliance of your cases, both App Studio and Dev Studio now support field-level auditing for case fields. Your application tracks and displays information about user updates to scalar fields, field groups, and field group lists, at any level of your case data model. For example, you can check previous and current field values, the last user to change the values, and the time of their modification. 

For more information, see Track changes in cases with improved field-level auditing (8.4), Enabling field-level auditing in Dev Studio, Enabling field-level auditing in App Studio.   

Creation of case documents in a case life cycle

To save time and further automate your business processes, Pega Platform™ now supports generating case documents as part of the case life cycle. You can ensure that the documents include all necessary information by first creating a document template in a word processor. When you create a template, you add dynamic tags that your application populates with relevant data unique to each case, for example, the case ID and current date. To make your documentation more meaningful, you can also include attachments.

For more information, see Generate case documents in a case life cycle (8.4), Generating case documents in Dev Studio, Generating case documents in App Studio.

Pulse configurations in the case type settings

In both App Studio and Dev Studio you can now configure Pulse in a simplified and user-friendly way, in the case type settings. Add Pulse posts to cases, define default and add new feed sources, and then customize the Pulse label, all without performing advanced actions, such as configuring sections. You can also define visibility conditions for each post type.

For more information, see Start collaborating faster with simplified Pulse configuration (8.4), Configuring Pulse for case types in Dev Studio, Configuring Pulse for case types in App Studio.

Custom application URL alias in the application definition

Create application URL aliases that support your ability to launch multiple Pega applications simultaneously in a single browser. This feature makes it easier for clients and your customers to log into multiple applications using the same browser and access them simultaneously. You configure your application URL alias in the application definition. For details, see Adding an application URL alias.

For more information, see Simplify access with an Application URL alias (8.4). 

Upgrade impact

After an upgrade to Pega Platform™ 8.4 and later, review to determine if and how you must update your application rules to reflect the current URL aliasing format. As part of these application rule updates, Pega also updated the URL format and value components of the clipboard property, pxRequestor.pxReqServletNameReal, which you can use to discover a servlet name. If your application uses this property to discover a servlet name, update the pxRequestor.pxReqServlet property in the application rule to use the new, required URL and value formats.

For details steps, see the section, Upgrading from Pega 8.3 or earlier: Guidelines for any required changes in your application URL aliasing, in the appropriate Pega Platform Upgrade Guide available at Deploy Pega Platform. 

What steps should the customer take to update their application?

After upgrading, you must update your JMeter test scripts. For detailed steps, see Updating JMeter test scripts after migrating to Pega 8.4.

Expanded checks for Java injection vulnerabilities (8.4)

The Java injection vulnerability check feature has been enhanced in Pega Platform™ to further prevent Java injection, including Edit validate, Edit input, and JSP rules. Pega Platform reports errors at design time and run time, and does not run any rule that includes any of the following Java code:

• JavaCompiler
• new ProcessBuilder()
• org.dita.dost.invoker
• Runtime.getRuntime()

For more information, see Configuring the Java injection check.