Published Release Notes

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

Token credentials authentication service

You can create a new type of authentication service for token credentials authentication, which is useful for offline mobile applications. With token credentials authentication, users need to enter their credentials only once in a session. Subsequent access to the server is authenticated with a token. The token can be generated by the Pega Platform™ authorization layer (OAuth 2.0) or issued by an external identity provider.

For more information, see Configuring a token credentials authentication service.

Platform truststore for validating certificates

Pega Platform™ now includes a platform truststore, to which you can import X.509 certificates that are common across platform applications. When a certificate needs to be validated, Pega Platform looks for the certificate at the connector level, then in the platform truststore, and finally in the application server (JVM) truststore. You can add, update, and delete certificates in the platform truststore without having to restart the server, which is useful when TLS certificates are changed for reasons such as key rotation.

For more information, see Importing an X.509 certificate.

Support for additional key management services

By supporting additional key management services, Pega Platform™ offers you increased flexibility when defining keys that are used for encryption of application and internal system data. You can now create keystores that reference keys from key management services such as Microsoft Azure Key Vault, HashiCorp Vault, and Google Cloud KMS, in addition to Amazon KMS. You can also create a keystore that references other key management services through the use of a data page.

For more information, see Configuring a Microsoft Azure Key Vault keystore, Configuring a HashiCorp Vault keystore, and Configuring a Google Cloud KMS keystore.

Addition of Data Access Tab to access control policy condition rules

You can now select associations and declarative index classes when creating access control policy condition rules. The Column source field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new Data Access tab. 

Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.

The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model. 

For more information, see Creating an access control policy condition.

Addition of Servlet Management

Pega Platform™ now has Servlet Management in Pega Cloud® Services, which provides a simple and secure way to make changes to Pega Platform servlet definitions.

Servlet Management provides Pega Cloud Service clients with solutions to manage servlet configurations with self-service options. This reduces the cycle time for delivering configuration changes in Pega Cloud Service installations while also improving upgrade reliability. 

For more information, see Servlet management.

Upgrade impact

Clients with no application servlet customizations will not experience an impact. If you upgrade from Pega Platform version 8.5 or earlier and, prior to the upgrade, the Pega Cloud team provided your application servlet customizations, then following the upgrade, you must manually add, remove, or modify your servlet customizations in your upgraded application using this servlet management landing page in Pega Platform.

What steps are required to update the application to be compatible with this change?

To manually move your pre-upgrade servlet customizations as appropriate or add new ones to your upgraded application using the new servlet management landing page, follow the steps in Adding a servlet.

Cosmos React-UI supports custom authentication

Pega Platform™ now supports custom authentication in applications that use Cosmos React-UI. Depending on the needs of your users and the functionality of your application, you might need to write custom authentication schemes to meet specific requirements. 

Clients that use custom authentication in their applications can now take advantage of the Cosmos React-UI.

For more information, see Securing Cosmos React-UI applications.

Integration and security tab now divided into two tabs

The Integration and Security tab is now two separate tabs on the Application Definition form: Integration and Security. While the content of these two tabs are related, they function more effectively as separate tabs. The Security tab now includes the Authentication section, so you can add existing authentication services to your Application Definition to more effectively manage the security of your application. 

For more information, see Security tab of the Application Definition.