Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Default support for skip links

Valid from Pega Version 8.4

All Pega Platform™ access groups now support skip links by default. Before, you had to create special access groups for users who require skip links for screen readers. Now, the feature is automatically enabled for every group, which improves the user experience and simplifies development.

Improved reliability of Visual Business Director

Valid from Pega Version 8.4

Improvements to the reliability of Visual Business Director (VBD) eliminate the impact of temporary access loss to the VBD cluster. The improvements include the ability to continue writing data to a VBD dataset while the corresponding server node is unavailable, enhancements to single-case data flows that write data to VBD, and a reduction in the VBD cache size.

For more information, see Eliminate the impact of temporary access loss to the VBD cluster (8.4).

Mobile Settings tab in Designer Studio

Valid from Pega Version 7.1.6

The Mobile Settings tab in Designer Studio is used when wrapping a mobile application (app) to create a hybrid mobile app. Building an app using this process customizes the app's user interface displayed to users who access the app via the Pega 7 mobile app, available as a free download in the Apple iTunes and Google Play app stores.

Mobile apps that are designed to be accessed using the Pega 7 app require Pega Mobile 4.1.1 to be installed when designing the app.

This tab also provides fields for managing mobile app distribution, including using a QR Code to quickly access an application's URL and 

See How to build and brand a hybrid mobile application.

Support for application-specific REST API calls

Valid from Pega Version 8.5

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Tamper-proof Pega Web Mashup loading

Valid from Pega Version 8.5

To protect your application from hackers, Pega Web Mashup is now loaded in a more secure way. The system generates a channel ID in the mashup code for validation on the server, before passing the mashup request. 

For more information, see Creating a mashup.

Upgrade impact

After an upgrade to Pega Platform 8.5, existing mashups, which do not have the channel ID parameter in their code, cannot load and users see the access control warning.

What steps are required to update the application to be compatible with this change?

If you need to maintain full availability of the mashup during the upgrade of the production environment, perform the steps in Migrating existing mashups.

Enhancements to email approvals in a case

Valid from Pega Version 7.2.1

The following enhancements have been made to email approvals in a case:

  • In Designer Studio, you can quickly access the correspondence rule to customize the email template by clicking the Configure email template link on an approval step.
  • In Designer Studio, you can add or remove the fields that are displayed in the approval email by customizing the associated Review view.
  • In Case Designer, you can now quickly enable email approval when you click an approval step and route it to another user without having to switch to Process Modeler if you are working Designer Studio or switching to Designer Studio if you are working in express mode.
  • Recipients of email approvals can quickly open cases by clicking the links to the related cases that are provided in the emails.

For more information, see Email approval enhancements in a case type.

Automatic separation of date input

Valid from Pega Version 8.5

Date fields in Date Time controls now automatically divide strings of input into days, months, and years. In single fields, the system adds slashes (/) as the user types the value. For example, an input string of 10102020 becomes 10/10/2020. In separate day/month/year fields, the system automatically switches from one field to the next as the user types the value. This enhancement improves the user experience by helping to users provide input in a more convenient and time-efficient manner.

For more information, see Configuring a Date Time control.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Valid from Pega Version 8.5

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

  • Valid tokens have the “active”:true status
  • Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

 

For more information, see OAuth 2.0 Management Services.

Support for seamless transitions between IVAs and customer service representatives

Valid from Pega Version 8.4

To ensure the best user experience in chat sessions with a Pega Intelligent Virtual Assistant™ (IVA), customer service representatives (CSRs) can now step in and take control of a chat session multiple times, when the chatbot is not capable of correctly answering the user. After the user problem is resolved, the CSR can seamlessly switch control of the chat session back to the chatbot.

Custom activities protection

Valid from Pega Version 8.4

Unauthorized users can no longer access or use custom activities. This enhancement improves system security and makes application maintenance more intuitive.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us