Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Reporting

This release had a focus on extending key capabilities to improve the functionality and ease of use of reporting features based on early adopter feedback.  A series of cosmetic changes and fixes are also included.

• Multiple boxes may be checked on List view checkboxes
• Dashboard Charts slider has been improved.
• Summary View reports and charts have been enhanced.
• Column properties can be added to a report in the Report Editor.
• List view column widths can be set by Smart Info.
• Listviews will display correctly for updated systems.
• Improvements to the GuardRail Report.

BIX performance improvements for CSV output in the Pega Cloud

BIX performance has been enhanced to download up to 25 GB of data per hour for extracts from a BLOB-less class table for CSV output. This high-throughput option is available only for Pega Cloud instances that use a Postgres database. This option is used automatically for these types of extracts.

When this option is used, the –x and –c command-line options for BIX are not supported, and the checkSum field in the manifest summary is not populated. If you need these options, you can revert to the previous implementation by using a setting in the prconfig.xml file.

For more information, see BIX high-throughput data downloads in the Pega Cloud.

Add custom HTTP response headers in your application

The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.

For more information, see Creating a custom application header. 

Attribute-based access control model

Attribute-based access control (ABAC) is a security authorization model in which access rights are determined through the use of policies and attributes. A policy decision engine in ABAC evaluates digital policies against available data (attributes) to permit or deny access to the requested resource. For example, you can now determine access rights to cases by examining security attribute values assigned to the user and the case.

For more information, see Attribute-based access control.

Case-insensitive filtering in reports

Filtering in reports is now case-insensitive, improving the reporting and searching experience. You can turn off case-insensitive filtering, for example, by using an activity. You might want to do this if your index is too big or if the length of time it takes for indexing impacts performance.

For more information on report filtering, see Editing filter conditions.

All search data is encrypted

All search data in Pega Cloud deployments is now encrypted, both at rest and in transit. The encryption of search data makes search compliant with regulatory requirements.

For more information about search, see Full-text search.

Authentication service for basic credentials

A new type of authentication service is available for authenticating operators by using basic credentials (user ID and password). The default Pega Platform™ login is now an instance of this type of authentication service. All basic credentials authentication services include mobile authentication with the OAuth 2.0 protocol and Proof Key for Code Exchange (PKCE). You no longer have to create a custom authentication service to support mobile applications.

For more information, see Configuring a basic authentication service.

Unauthenticated sessions transition seamlessly to authenticated

A new authentication service type allows a guest user to use an application without logging in, and to be prompted to authenticate later in the session. This enhancement supports scenarios such as online shopping portals where a user can browse for items and load a shopping cart as a guest but be prompted for credentials at checkout.

For more information, see Configuring an anonymous authentication service.

Create single sign-on authentication services from App Studio

You can create and enable single sign-on (SSO) authentication services from a new landing page in App Studio. From this new landing page you can also configure new SAML and OpenID Connect authentication services to provision users. For more information, see Creating a SAML SSO authentication service and Creating an OIDC SSO authentication service.