Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Customize your report headers

You can customize the way that the header for all of an application's reports will be displayed by overriding the section pyReportEditorHeader. Save a copy of this section into the application's ruleset, then edit it to display the information, images, and layout that you desire. Once changes are saved, each of your application's reports will automatically use the updated header.

Advanced inline report filters

You can create a custom section and use it to display report filter controls at the top of the report, replacing the default display. The custom section can include basic controls (such as a drop-down menu or text entry field), and the controls can only provide values for the filter functions established in the Edit filters section of the Query tab for the Report Definition.

Access Manager portal

Changes to the Access Manager simplify the process of modifying the access rights of features for an application. The changes, including creation of an Access Manager portal, make it easier for non-technical users, such as business architects, to set access rights even if they may not have a deep understanding of Pega 7's security model and class inheritance structure.​

Use "alternate database" as report source

You can opt to use the the "alternate database" identified in the Reports Database field of the Data-Admin-DB-Table instance that supports the Applies To class of a report as the source for the report. This reduces the load on the database that serves your application when you run the report.

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Report Viewer provides simplified user experience

In the Report Viewer, improvements simplify the user experience when working with reports. Column headers display initial sort order and type, and you can hover over a column header to display and use its context menu, which includes options for ad-hoc sorting and filtering. Developers can specify various pagination modes and set an option to keep the header in view while users scroll through the report.

For more information, see Report Viewer.

Enhanced BIX file naming

To help clarify file names, BIX extract output files and manifest files can now contain parameters. Parameters can include the rule name, the extract's run time and date, and a unique run sequence number. Special characters such as spaces, hyphens, or number signs (#) in the output or manifest file name are converted to underscores. In addition, the pxExtractIdentifier and pxExtractDateTime columns have been added to the .csv output file.

For more information, see Extracting data with BIX and Extract rules - completing the File Specification tab.

Enhanced chart control improves displaying data as a chart

The renewed chart control has an improved properties panel and provides HTML5-compliant pie, column, bar, area, line, and gauge charts. The chart source can be a report definition, a clipboard page, or a data page. You can customize basic and threshold colors, borders, line widths, labels, and other chart elements. A preview on the property panel instantly displays the effects on the chart of property changes you make.

For more information, see Harness and section forms - Adding a chart.

HTML5-compliant chart types

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.