Published Release Notes

Personalized table views

You can now configure tables so that users can personalize table views at run time. Users can specify which columns to display, resize and reorder columns, and set an initial sort order and initial column filter. When users save these personalized settings, the table displays the personalized view each time that users access the table.

Personalizing table views can help users work more efficiently by providing greater control over what data they see and how it is presented.

For more information, see Configuring a table for personalization.

Faster starting offline-enabled mobile apps

Pega Platform™ and Pega Infinity Mobile Client™ now support access group data prepackaging when you build the executable files for an offline-enabled mobile app. This shortens the time needed to start a mobile app for the first time, because only the data that differs between the package and the current server state is synchronized. The data that is prepackaged comes from the access group cache, and you can decide what access group cache data should be excluded or additionally included in the package.

For more information, see Enabling access group data prepackaging during build.

Test coverage support for more rule types

Test coverage has been expanded to include the following rule types. Test coverage support for these rule types enables developers to more accurately measure the effectiveness of their tests.

• Collection
• Declare trigger
• Map value
• Navigation 
• Report definition
• Scorecard

For more information about test coverage, see Test coverage.

Upgrade impact

The new rule types may impact the test coverage metrics for your applications. Due to the increased number of supported rules, the reported test coverage percentage will decrease.

What steps are required to update the application to be compatible with this change?

Run your coverage reports after upgrading to see the latest metrics.

Authentication profile for Connect REST might be removed after upgrade

The Use authentication check box has been removed from the Service tab on the Connect REST form. As a result, after an upgrade, the Authentication profile field might be blank even if an authentication profile was previously configured.

• If the Use authentication check box was cleared prior to upgrading and the Authentication profile field was configured with an authentication profile name, the Authentication profile field is blank. If you are using authentication, you must reenter the profile name.
• If the Use authentication check box was selected prior to upgrading and the Authentication profile field was configured with an authentication profile name, the Authentication profile field retains the previous configuration.

Select or edit a label format at run time

At run time in App Studio, when you edit a control, you can now select a new label format for the control or edit the currently selected label format. This change provides you with the flexibility to update control labels in real time as you process cases.

For more information, see Styling controls at run time.

Security fields in JFrog Artifactory repository rule form removed

The fields in the Security section of the JFrog Artifactory repository rule form, including the Secure protocol field, the Truststore field, and the Keystore field, were not functional in Pega Platform™ 7.3, 7.3.1, and 7.4. This section has been removed from the JFrog Artifactory repository rule form in Pega Platform 8.1.

Support for application-specific REST API calls

You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.

For more information, see Invoking a REST service rule.

Tamper-proof Pega Web Mashup loading

To protect your application from hackers, Pega Web Mashup is now loaded in a more secure way. The system generates a channel ID in the mashup code for validation on the server, before passing the mashup request. 

For more information, see Creating a mashup.

Upgrade impact

After an upgrade to Pega Platform 8.5, existing mashups, which do not have the channel ID parameter in their code, cannot load and users see the access control warning.

What steps are required to update the application to be compatible with this change?

If you need to maintain full availability of the mashup during the upgrade of the production environment, perform the steps in Migrating existing mashups.

Automatic separation of date input

Date fields in Date Time controls now automatically divide strings of input into days, months, and years. In single fields, the system adds slashes (/) as the user types the value. For example, an input string of 10102020 becomes 10/10/2020. In separate day/month/year fields, the system automatically switches from one field to the next as the user types the value. This enhancement improves the user experience by helping to users provide input in a more convenient and time-efficient manner.

For more information, see Configuring a Date Time control.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

• Valid tokens have the “active”:true status
• Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

For more information, see OAuth 2.0 Management Services.