Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Access Manager portal

Changes to the Access Manager simplify the process of modifying the access rights of features for an application. The changes, including creation of an Access Manager portal, make it easier for non-technical users, such as business architects, to set access rights even if they may not have a deep understanding of Pega 7's security model and class inheritance structure.​

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Offline mobile apps require Dynamic Container to use frameless Single Document mode

You can add a Dynamic Container (DC) directly into a Dynamic Layout cell. When creating a custom mobile app with offline capability, you must use the frameless Single Document mode of DC.

Note that mobile offline capability does not support using a framed Single Document mode.

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

The Create Build button appears grayed out when configuring and building a mobile application

When you attempt to configure and build your Android or iOS mobile application from the Mobile tab, the Create build button might appear dimmed. This issue occurs if any of the access roles in the access group were cloned from the PegaRULES:SysAdm4 access role.

Refer to Troubleshooting Pega Mobile Client to learn how to fix this issue in your application.

Offline configuration limitation

When enabling the offline capability for a case type, do not select the Enable offline check box in Case Designer because it incorrectly sets the locking strategy. Instead, select the Enable offline mode check box on the Advanced tab of the Case Type form.

To open the Case Type form from Case Designer, click Open on the Actions menu.

Support for custom pre- and post-JavaScript processing for offline flow actions

Developers of an offline-enabled mobile app can execute basic business logic before and after a flow action is rendered by adding their own JavaScript code into a custom user scripts bundle. Its functions must be called within a try/catch clause. The JavaScript code, to be executed before a flow action is rendered, is always called afterClientCache is called and before DisplayHarness is called.

Conditional online and offline map display

The way an Address Map control behaves in a offline-enabled mobile app has changed. When a mobile app is online, a live Google map is loaded as expected. If the mobile app goes offline, a predefined image of a map is loaded instead.

Troubleshooting Pega Mobile Client on the login screen

An offline mobile developer can now troubleshoot issues that are not related to incorrect credentials when signing in to the Pega Mobile Client app. On the app login screen, an alert box displays where the user can click a link to examine current log files to troubleshoot the issue. The contents of the displayed log file can be filtered.

For more information, see Troubleshooting Pega Mobile Client.