Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Decision Strategy Manager

Fixes were made that improve the configuration and execution of Batch Decisions. In particular,  the capability to use Structured Data has been enhanced. Some notable improvements have also been made to the UI of Visual Business Director.

• The structured data input configuration will now work even though there is no data.
• VBD has been enhanced to work with Version 7.1.
• The structured data input configuration will now work with nested structures.
• Association rules from Version 6.3 will now work with 7.1 structured data.

Support for OAuth 2.0 authorization code grant type

Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

Automatic retries for the SAVE operation on records

Batch and real-time data flow runs now automatically retry the SAVE operation on records when an error occurs because of resource unavailability. This functionality ensures that the records are eventually saved if the target data set is only temporarily unavailable, for example, because of load or network issues.

You can configure the default number of retries for the entire system in a dynamic system setting. To adjust the setting to different resource allocations and operating environments, you can update that number for each data flow run.

For more information, see Changing the number of retries for SAVE operations, Creating a batch run for data flows, and Creating a real-time run for data flows.

Cassandra 3.11.3 support for Pega Platform

Increase your system's reliability and reduce its memory footprint by upgrading the internal Cassandra database to version 3.11.3.

For on-premises Pega Platform™ users, after you upgrade to Pega 8.3, it is recommended that you manually upgrade to Cassandra 3.11.3. You can upgrade to Cassandra 3.11.3 on all operating systems except IBM AIX. If you do not want to upgrade to Cassandra 3.11.3, you can continue to use Cassandra 2.1.20, which is still supported.

For Pega Cloud Services 2.13 and later versions, Cassandra automatically upgrades to version 3.11.3 after your environment is upgraded to Pega Platform 8.3.

For information on how to manually upgrade to Cassandra 3.11.3, see the Pega Platform 8.3 Upgrade Guide for your server and database at Deploy Pega Platform.

Upgrade impact

After an on-premises Pega Platform upgrade, you still have the older version of Cassandra and must manually upgrade.

What steps are required to update the application to be compatible with this change?

To upgrade Cassandra, you must create a prconfig setting or a dynamic system setting with the new Cassandra version and then do a rolling restart of all the Decision Data Store nodes to upgrade them to the latest version of Cassandra.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

REST API for monitoring DSM services

Decision Strategy Manager (DSM) now provides a REST API that you can use to monitor DSM services without having to access Pega Platform™. By integrating your daily monitoring tools with the management REST API, you can retrieve a list of DSM nodes, check the status of these nodes, and view details of a service from all nodes in the cluster.

For more information, see Getting started with Pega API for Pega Platform.

Create custom criteria for proposition filters by using the condition builder

Proposition filters now use the condition builder to define the criteria that a proposition or group of propositions must match in order to be offered to a customer. The condition builder provides a simple, flexible tool for selecting and grouping the entry criteria.

For more information, see Create custom criteria for Proposition Filter rules with the condition builder (8.3).