Published Release Notes

Style charts in the application skin

You can now style charts in your application skin by selecting Charts in the Controls section and setting a theme. When you style charts by using a theme, charts that are generated for report definition reports and the autogenerated chart control are styled consistently, and you do not need to style charts individually. In addition, you can preview chart themes in the Skin form to see how different charts look without launching an application.

For more information, see Styling charts in the application skin.

Enhancement for specifying filter conditions in reports

You now have the option to select comparison values from a list of available values when you add or edit the filter conditions for a report in Pega Express. This option is available for all columns, except for numeric or text columns when the comparator setting is Greater than, Greater than or equal, Less than, or Less than or equal.

For more information, see Adding filter conditions.

New Automated Testing landing page

The new Automated Testing landing page displays all the PegaUnit test cases in your application. You can use it to quickly access, run, and view results of tests. In addition, if you have the AutomatedTesting privilege enabled, you can switch to the Automated Unit Testing landing page to access rules that are supported by both PegaUnit testing and Automated Unit Testing, such as activities.

For more information, refer to Automated Testing landing page.

Support for application-specific REST API calls

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Tamper-proof Pega Web Mashup loading

To protect your application from hackers, Pega Web Mashup is now loaded in a more secure way. The system generates a channel ID in the mashup code for validation on the server, before passing the mashup request. 

For more information, see Creating a mashup.

Upgrade impact

After an upgrade to Pega Platform 8.5, existing mashups, which do not have the channel ID parameter in their code, cannot load and users see the access control warning.

What steps are required to update the application to be compatible with this change?

If you need to maintain full availability of the mashup during the upgrade of the production environment, perform the steps in Migrating existing mashups.

New formats for styling report data grids

When you view a report, the data grid that is displayed is now styled by using either the List report format or the Summarized report format, depending on the report type. With this enhancement, you can display report data differently, and perhaps more effectively, than other grids in your portal. In the skin of your application, these new formats will be added and upgraded automatically by copying the Default format for the Trees & grids layout type, which was previously used to style reports.

For more information, see Modifying data grid formats for reports.

Flow rules not supported in IE8

In versions prior to 7.1.2, flow rules do not open in Internet Explorer 8 (IE8). Upgrade your system to the latest version of PRPC or access flows from another supported browser.

Automated Unit Testing is unavailable

Automated Unit Testing (AUT) is unavailable in 7.1.1 - 7.1.5.

Starting in 7.1.6, users can access AUT features from supported browser versions of IE.

Automatic separation of date input

Date fields in Date Time controls now automatically divide strings of input into days, months, and years. In single fields, the system adds slashes (/) as the user types the value. For example, an input string of 10102020 becomes 10/10/2020. In separate day/month/year fields, the system automatically switches from one field to the next as the user types the value. This enhancement improves the user experience by helping to users provide input in a more convenient and time-efficient manner.

For more information, see Configuring a Date Time control.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

• Valid tokens have the “active”:true status
• Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

For more information, see OAuth 2.0 Management Services.