Sign and encrypt signatures and content with additional algorithms
Valid from Pega Version 8.4
You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.
For more information, see Creating a processing JSON Web token profile.
For more information, see Creating a generation JSON Web token profile.
Expanded checks for Java injection vulnerabilities (8.4)
Valid from Pega Version 8.4
The Java injection vulnerability check feature has been enhanced in Pega Platform™ to further prevent Java injection, including Edit validate, Edit input, and JSP rules. Pega Platform reports errors at design time and run time, and does not run any rule that includes any of the following Java code:
- JavaCompiler
- new ProcessBuilder()
- org.dita.dost.invoker
- Runtime.getRuntime()
For more information, see Configuring the Java injection check.