Published Release Notes

Improving basic access control

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.

New JWT access token format: Authorized Access Token

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

• The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
• A single token can be used with multiple applications.
• The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
• As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Add the security checklist to applications created before 7.3.1

The security checklist is now automatically added to applications. You can manually add the security checklist to applications that were created in earlier versions.

You can improve the security of your application by completing the tasks on the checklist.

The following task reflects the procedure on how to manually add the security checklists to Designer Studio prior to 7.3.1:

1. In the header of Designer Studio, click the name of the application, and then click Definition.
2. Click the Documentation tab.
3. In the Application guides section, click Add guide.
4. In the Application guide& field, enter pxApplicationSecurityChecklist.
5. Click the Configure icon in the Available in column and select the portals (App Studio and Dev Studio) that you want to add the security checklist to.
6. Click Save.

Tamper-proof Pega Web Mashup loading

To protect your application from hackers, Pega Web Mashup is now loaded in a more secure way. The system generates a channel ID in the mashup code for validation on the server, before passing the mashup request. 

For more information, see Creating a mashup.

Upgrade impact

After an upgrade to Pega Platform 8.5, existing mashups, which do not have the channel ID parameter in their code, cannot load and users see the access control warning.

What steps are required to update the application to be compatible with this change?

If you need to maintain full availability of the mashup during the upgrade of the production environment, perform the steps in Migrating existing mashups.

Behavior changes when reporting on descendant classes

Report Definitions that use the Report on descendant class instances option with the Include all descendant classes option apply only to the Applies to Class. Join classes are not included as they were in previous Pega^® Platform versions. The following example shows what happens for each possible scenario for Report on descendant class instances when the report is defined on ClassA with a class join with Work-.

• If Report on descendant class instances is disabled, the report runs against ClassA and the join happens with Work-. The behavior is the same in Pega 7.3.1 as it is in previous Pega Platform versions.
• If Report on descendant class instances is enabled, and Include single implementation class is selected, the report runs against ClassA and the join happens with the MySampleClass implementation class. The behavior is the same in Pega 7.3.1 as it is in previous Pega Platform versions.
• If Report on descendant class instances is enabled, and Include all descendant classes is selected, the report runs against ClassA and its descendants and the join happens with Work-. In previous Pega Platform versions, the join happened with the MySampleClass implementation class.

Failed Robotic Assignments work queue type changed to Standard

The default Failed Robotic Assignments work queue type is now Standard. In previous releases, the default type was Robotic. For usage information, see Configuring a work queue for robotic automation.

Upgrade impact

After upgrading to Pega Platform 8.5 and later, you cannot save case types in which you configure the Queue for robot smart shape to route new assignments to the Failed Robotic Assignments work queue. Existing assignments that you routed to the Failed Robotic Assignments work queue are not affected.

How do I update my application to be compatible with this change?

As a best practice, do not use the Failed Robotic Assignments work queue in your custom implementations. Instead, configure the Queue for robot smart shape to route new assignments to a Robotic work queue. When possible, update existing case types to use the robotic work queues that you created in your application.

Legacy Parse XML rule configurations must be upgraded to edit them

If your application has Parse XML rules that use the legacy configuration from Pega Platform™ 5.x, you cannot edit these rules after you upgrade to Pega Platform 8.6 until after you upgrade them to use tree-based parse rule configuration.

You must upgrade a Parse XML rule that you want to edit if it shows the following warning when you open it in Dev Studio.

This type of Parse XML rule is deprecated. An upgrade should be performed.

An option to upgrade also displays below the message.

Upgrade impact

Parse XML rules with the legacy configuration do not map data to the clipboard, and the rule definition is empty. After you upgrade to Pega Platform 8.6, you cannot edit Parse XML rules that you created in Pega Platform 5.x or earlier until you upgrade them to use tree-based parse rule configuration.

What steps are required to update an application to be compatible with this change?

Update legacy Parse XML rules to use tree-based parse rule configuration before you edit them in Pega Platform 8.6. Using tree-based parse rules is considered a best practice.

1. Open the legacy Parse XML rule.
2. On the Mapping tab, click Upgrade.
   Result: The Allow tree editing? check box is displayed and is automatically selected. You can add attributes and elements to the tree structure, or delete them.
3. Save the upgraded rule configuration.

For more information, see Parse XML rules.

Insights from 8.5 require additional configuration after upgrade

Upgrade impact

After you upgrade Pega Platform™ version 8.5 to 8.6, the Explore Data landing page might not include insights that come from the earlier version of the product.

What steps are required to update the application to be compatible with this change?

Run the pxUpgrade85Insights activity to make all insights from version 8.5 accessible for you in 8.6. By running this activity, you upgrade insights with new metadata that is required in version 8.6. For example, the pxUpgrade85Insights activity provides you with the option to set the visibility of insights to private, public or shared.

For more information about insights, see Visualizing data with insights.

Addition of Servlet Management

Pega Platform™ now has Servlet Management in Pega Cloud® Services, which provides a simple and secure way to make changes to Pega Platform servlet definitions.

Servlet Management provides Pega Cloud Service clients with solutions to manage servlet configurations with self-service options. This reduces the cycle time for delivering configuration changes in Pega Cloud Service installations while also improving upgrade reliability. 

For more information, see Servlet management.

Upgrade impact

Clients with no application servlet customizations will not experience an impact. If you upgrade from Pega Platform version 8.5 or earlier and, prior to the upgrade, the Pega Cloud team provided your application servlet customizations, then following the upgrade, you must manually add, remove, or modify your servlet customizations in your upgraded application using this servlet management landing page in Pega Platform.

What steps are required to update the application to be compatible with this change?

To manually move your pre-upgrade servlet customizations as appropriate or add new ones to your upgraded application using the new servlet management landing page, follow the steps in Adding a servlet.