Published Release Notes

Restrict visibility of scalar property values for certain users

You can use the Access Control Policy rule to mask individual scalar property values from specified users. You can restrict visibility for the following property types:

• DateTime
• Integer
• Text

For more information, see Masking property visibility for users.

Package caching is not supported in offline-enabled applications built with the UI Kit 7 (09-01-01) portal

When you create an offline-enabled application in Pega^® Platform, by default, it uses a portal with the UI Kit 7 (09-01-01) ruleset. In such a case, the package caching functionality cannot be used. You must either disable caching on the Advanced tab of the Access Group rule form, in the Offline Configuration section, or use an adaptive design instead of rendering different elements for different devices with the UI Kit 7 (09-01-01) ruleset.

For more information, see Access Group form - Completing the Advanced tab.

Disable inactive operators

As a system administrator, you can control access to an application by disabling Operator IDs. To disable an Operator ID, you can use one of the following options in Designer Studio:

• Call the Service REST: user.
• Change settings on the Operator Access tab on the System Settings landing page or on the Security tab on the Operator ID form.
• Define the number of inactive days in the security policies before an Operator ID is automatically disabled.

For more information, see System Settings - Operator Access tab, Enabling Security Policies, Security tab on the Operator ID form.

PegaWAI ruleset deprecated in 8.5

Accessibility functions that were contained in the PegaWAI ruleset are now integrated into the main Pega Platform™. Consequently, the user interface in your applications now features accessibility functions out of the box, so you no longer need to use the PegaWAI ruleset to ensure accessible behavior in your application.

For more information, see Building an accessible UI.

Style radio buttons as segmented buttons

You can configure radio buttons to be displayed as segmented buttons. Segmented buttons display multiple button options in a compact format. Segmented buttons do not support vertical orientation. On the Presentation tab of the properties panel, set Control format to Other and select Segmented.

For more information, see Radio Buttons control properties – Presentation tab.

Security fields in JFrog Artifactory repository do not work

The fields in the Security section of the JFrog Artifactory repository rule form, including the Secure protocol field, the Truststore field, and the Keystore field, were not implemented. In the Pega™ Platform 7.3 Designer Studio help, disregard the optional Security section in step 4 of the Configuring a JFrog Artifactory or Amazon S3 repository connection help topic, and disregard the optional Security section in step 5 of the Creating a repository configuration help topic in the 7.3.1 Designer Studio help.

Create email correspondence by using templates

You can configure email correspondence rules by using email templates. Email templates provide custom email formats for users and give developers a greater degree of customization in designing email correspondence. Select an email template on the Corr tab of a correspondence rule by clicking Edit mode and selecting Templated email from the menu. You can also create a section as an email template by clicking Email template on the Settings tab of the section form. For more information see Creating email correspondence by using a template.

Support for application-specific REST API calls

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Tamper-proof Pega Web Mashup loading

To protect your application from hackers, Pega Web Mashup is now loaded in a more secure way. The system generates a channel ID in the mashup code for validation on the server, before passing the mashup request. 

For more information, see Creating a mashup.

Upgrade impact

After an upgrade to Pega Platform 8.5, existing mashups, which do not have the channel ID parameter in their code, cannot load and users see the access control warning.

What steps are required to update the application to be compatible with this change?

If you need to maintain full availability of the mashup during the upgrade of the production environment, perform the steps in Migrating existing mashups.

Cross-origin resource sharing (CORS) policies for APIs and REST services

You can now use cross-origin resource sharing (CORS) policies to control how external systems and websites (origins) are permitted to access resources such as APIs and services within your applications. For example, Pega^® Platform uses CORS policies to restrict which Pega Robotic client applications can connect to your Pega applications, and to limit which mobile apps can call Pega mobile services. Using CORS policies results in reduced cost and implementation times, while providing increased security when other systems or websites interact with your application.

For more information, see Creating a cross-origin resource sharing (CORS) policy and Mapping an endpoint to a cross-origin resource sharing (CORS) policy.