Published Release Notes

Specify styles at run time in Pega Express

At run time in Pega^® Express, you can now apply styling to many controls. Styling options vary from one control to another. For example, when you style a Dropdown control, you can specify text color, background fill and color, and border width and color. When you style controls directly in Pega Express, rather than switching to Designer Studio to modify the application skin, you can save development time.

For more information, see Styling controls at run time in Pega Express.

Quicker approach for reusing processes in a stage

You can now reuse processes more quickly in a stage when you define the life cycle for a case type. Reusing processes saves time and makes it easier to define processes for a stage instead of creating new ones. You can also reuse processes faster when you add parallel processes to a stage.

For more information, see Quick access for reusing processes in a stage.

Support for application-specific REST API calls

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Tamper-proof Pega Web Mashup loading

To protect your application from hackers, Pega Web Mashup is now loaded in a more secure way. The system generates a channel ID in the mashup code for validation on the server, before passing the mashup request. 

For more information, see Creating a mashup.

Upgrade impact

After an upgrade to Pega Platform 8.5, existing mashups, which do not have the channel ID parameter in their code, cannot load and users see the access control warning.

What steps are required to update the application to be compatible with this change?

If you need to maintain full availability of the mashup during the upgrade of the production environment, perform the steps in Migrating existing mashups.

Automatic separation of date input

Date fields in Date Time controls now automatically divide strings of input into days, months, and years. In single fields, the system adds slashes (/) as the user types the value. For example, an input string of 10102020 becomes 10/10/2020. In separate day/month/year fields, the system automatically switches from one field to the next as the user types the value. This enhancement improves the user experience by helping to users provide input in a more convenient and time-efficient manner.

For more information, see Configuring a Date Time control.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

• Valid tokens have the “active”:true status
• Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

For more information, see OAuth 2.0 Management Services.

Browser unresponsive when logging in to Designer Studio

The What's new in 7.4 widget on the Designer Studio home page uses WebGL to render its background animation. If your browser is running on a virtual machine without hardware acceleration, your browser might become unresponsive because of this widget. Click the Hide this until next release button to remove the widget. At your next login, the widget will not be displayed.

Search and Reporting does not index large items

When using the Search and Reporting (SRS) microservice in Pega Platform™ 8.5, you might encounter problems with indexing large out-of-the-box rules. The issue is not visible in Queue Processors, but you can access logs to verify which items the system does not index.

New interaction history attribute

Pega^® Platform 7.4 introduces the pySubjectType attribute that is used in interaction history aggregations. This attribute is populated for interaction history records that were created in release 7.4. For records that originated in earlier releases, the attribute must be set in the following scenarios:

• Single-level decisioning frameworks that use interaction history.
• Multi-level decisioning frameworks where interaction history is used by two or more levels of strategies that are defined on different classes.

For the single-level scenario, configure the Dynamic System Setting that sets the pySubjectType attribute when your framework reads interaction history records. The value of this Dynamic System Setting becomes the name of the customer class.

For the multi-level scenario, update the database table for all strategy levels manually. For each level, make sure that the value in the Subject Type column is set to the name of the class for the corresponding strategy. For example, the value for the top level strategy should be set to the name of the class of that strategy.

For more information about interaction history aggregations, see Data Sources landing page

For more information about multi-line strategies and contexts, see Strategy components - Embedded strategy

Improved identification and handling of code assembly errors

Code assembly error logs are now more meaningful and help you identify root causes with better accuracy. Pega Platform™ now also invalidates erroneous assembly to facilitate successful reassembly when the code is accessed again. For example, if a section is not correctly assembled when a user first signs in to the system, the application attempts to reassemble that section the next time a user signs in. In this way, you can avoid lingering issues and improve stability.