Published Release Notes

Email listener enhancements for faster email processing

Enhanced email listeners now process more emails in less time. To increase throughput, you can configure email listeners to process several emails simultaneously, instead of one at a time.

For more information, see Creating an email listener.

Support for data page aggregation

You can now aggregate data from multiple sources for faster and easier implementations. With this feature, you can load data pages more easily without using an activity or data transform. 

For more information, see Creating a data page. 

Sign and encrypt signatures and content with additional algorithms

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.

Improved contracts for implementations

For more complete contracts, automations now support embedded pages, default values, and picklists. These enhancements provide a more robust model for inputs and outputs that is easier to update and maintain.

For more information, see Viewing automations.

Enhanced OpenAPI Specification generation

To better understand the purpose of your REST API, you can now generate a more complete OpenAPI Specification (OAS) from REST service rules in Pega Platform™. The system uses relevant records to build an accurate schema definition for page and page list outputs, and generate stronger schema type definitions for all inputs, outputs, and fields, such as array or boolean. You can also generate OAS by mapping values to JSON or Clipboard in the request, or mapping values from JSON or Clipboard in the response. 

For more information, see Service REST rules.

Enhancements to automations for defining Pega API contracts

With enhanced automations, you can now pass embedded pages, specify default values for optional input parameters, and define a set of values for inputs by using the picklist or enumerated field types. The new enhancements make your applications easier to define and maintain, and you can now provide callers of Pega APIs with a clear description of the API.

For more information, see Viewing automations.

Autopopulated properties support savable data pages

To more easily source data, you can now save an autopopulated property that references a savable data page. For properties that you autopopulate by copy, save plans now execute on the copy, instead of on the data page. These enhancements reduce implementation time and make the applications that you build more manageable.

Custom application URL alias in the application definition

Create application URL aliases that support your ability to launch multiple Pega applications simultaneously in a single browser. This feature makes it easier for clients and your customers to log into multiple applications using the same browser and access them simultaneously. You configure your application URL alias in the application definition. For details, see Adding an application URL alias.

For more information, see Simplify access with an Application URL alias (8.4). 

Upgrade impact

After an upgrade to Pega Platform™ 8.4 and later, review to determine if and how you must update your application rules to reflect the current URL aliasing format. As part of these application rule updates, Pega also updated the URL format and value components of the clipboard property, pxRequestor.pxReqServletNameReal, which you can use to discover a servlet name. If your application uses this property to discover a servlet name, update the pxRequestor.pxReqServlet property in the application rule to use the new, required URL and value formats.

For details steps, see the section, Upgrading from Pega 8.3 or earlier: Guidelines for any required changes in your application URL aliasing, in the appropriate Pega Platform Upgrade Guide available at Deploy Pega Platform. 

What steps should the customer take to update their application?

After upgrading, you must update your JMeter test scripts. For detailed steps, see Updating JMeter test scripts after migrating to Pega 8.4.

Add the security checklist to applications created before 7.3.1

The security checklist is now automatically added to applications. You can manually add the security checklist to applications that were created in earlier versions.

You can improve the security of your application by completing the tasks on the checklist.

The following task reflects the procedure on how to manually add the security checklists to Designer Studio prior to 7.3.1:

1. In the header of Designer Studio, click the name of the application, and then click Definition.
2. Click the Documentation tab.
3. In the Application guides section, click Add guide.
4. In the Application guide& field, enter pxApplicationSecurityChecklist.
5. Click the Configure icon in the Available in column and select the portals (App Studio and Dev Studio) that you want to add the security checklist to.
6. Click Save.

Expanded checks for Java injection vulnerabilities (8.4)

The Java injection vulnerability check feature has been enhanced in Pega Platform™ to further prevent Java injection, including Edit validate, Edit input, and JSP rules. Pega Platform reports errors at design time and run time, and does not run any rule that includes any of the following Java code:

• JavaCompiler
• new ProcessBuilder()
• org.dita.dost.invoker
• Runtime.getRuntime()

For more information, see Configuring the Java injection check.