Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
Upgrade impact
After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls by using registration or encryption mechanisms.
What steps are required to update the application to be compatible with this change?
After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.
Search and Reporting does not index large items
Valid from Pega Version 8.5
When using the Search and Reporting (SRS) microservice in Pega Platform™ 8.5, you might encounter problems with indexing large out-of-the-box rules. The issue is not visible in Queue Processors, but you can access logs to verify which items the system does not index.
PegaWAI ruleset deprecated in 8.5
Valid from Pega Version 8.5
Accessibility functions that were contained in the PegaWAI ruleset are now integrated into the main Pega Platform™. Consequently, the user interface in your applications now features accessibility functions out of the box, so you no longer need to use the PegaWAI ruleset to ensure accessible behavior in your application.
For more information, see Building an accessible UI.
Tags disappear from Rich Text Editor source mode
Valid from Pega Version 8.5
When you use Rich Text Editor in HTML source mode, some tags disappear from the markup, which causes backward compatibility issues and data loss.
Cause
Pega Platform™ version 8.5.5 introduced the DOM Purifier security plugin. The plugin removes potentially vulnerable tags, including custom tags, from the raw HTML code in the Rich Text Editor source mode.
Workaround
You can disable the DOM Purifier plugin by adding the the window.disableDomPurifier = true
markup to the userWorkForm HTML fragment rule.
Alternatively, as of Pega Platform version 8.5.6, you can add a tag to the allow list by including the window.rteCustomAllowedTags = ['myCustomTag']
snippet in the userWorkForm HTML fragment rule.
In Pega Platform versions 8.5.6 to 8.6, the iframe
tag is added to the allow list by default.