Published Release Notes

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Report Viewer provides simplified user experience

In the Report Viewer, improvements simplify the user experience when working with reports. Column headers display initial sort order and type, and you can hover over a column header to display and use its context menu, which includes options for ad-hoc sorting and filtering. Developers can specify various pagination modes and set an option to keep the header in view while users scroll through the report.

For more information, see Report Viewer.

Enhanced BIX file naming

To help clarify file names, BIX extract output files and manifest files can now contain parameters. Parameters can include the rule name, the extract's run time and date, and a unique run sequence number. Special characters such as spaces, hyphens, or number signs (#) in the output or manifest file name are converted to underscores. In addition, the pxExtractIdentifier and pxExtractDateTime columns have been added to the .csv output file.

For more information, see Extracting data with BIX and Extract rules - completing the File Specification tab.

List view and summary view reports might not display in HTML5-compliant browsers

List view and summary view reports use framesets to provide a view of drill-down reports. HTML5 does not support framesets, so these reports might not display well, or at all, in versions of browsers that are compliant with HTML5.

To prevent display issues, re-create the custom list view and summary view reports that you need as report definition reports. Standard management reports are already available as report definition reports.

As of Pega 7.2, list view and summary view rules are deprecated. For more information, see Discontinued support for list view and summary view rules.

Enhanced chart control improves displaying data as a chart

The renewed chart control has an improved properties panel and provides HTML5-compliant pie, column, bar, area, line, and gauge charts. The chart source can be a report definition, a clipboard page, or a data page. You can customize basic and threshold colors, borders, line widths, labels, and other chart elements. A preview on the property panel instantly displays the effects on the chart of property changes you make.

For more information, see Harness and section forms - Adding a chart.

HTML5-compliant chart types

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

Addition of Data Access Tab to access control policy condition rules

You can now select associations and declarative index classes when creating access control policy condition rules. The Column source field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new Data Access tab. 

Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.

The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model. 

For more information, see Creating an access control policy condition.

Addition of Servlet Management

Pega Platform™ now has Servlet Management in Pega Cloud® Services, which provides a simple and secure way to make changes to Pega Platform servlet definitions.

Servlet Management provides Pega Cloud Service clients with solutions to manage servlet configurations with self-service options. This reduces the cycle time for delivering configuration changes in Pega Cloud Service installations while also improving upgrade reliability. 

For more information, see Servlet management.

Upgrade impact

Clients with no application servlet customizations will not experience an impact. If you upgrade from Pega Platform version 8.5 or earlier and, prior to the upgrade, the Pega Cloud team provided your application servlet customizations, then following the upgrade, you must manually add, remove, or modify your servlet customizations in your upgraded application using this servlet management landing page in Pega Platform.

What steps are required to update the application to be compatible with this change?

To manually move your pre-upgrade servlet customizations as appropriate or add new ones to your upgraded application using the new servlet management landing page, follow the steps in Adding a servlet.

Cosmos React-UI supports custom authentication

Pega Platform™ now supports custom authentication in applications that use Cosmos React-UI. Depending on the needs of your users and the functionality of your application, you might need to write custom authentication schemes to meet specific requirements. 

Clients that use custom authentication in their applications can now take advantage of the Cosmos React-UI.

For more information, see Securing Cosmos React-UI applications.

Integration and security tab now divided into two tabs

The Integration and Security tab is now two separate tabs on the Application Definition form: Integration and Security. While the content of these two tabs are related, they function more effectively as separate tabs. The Security tab now includes the Authentication section, so you can add existing authentication services to your Application Definition to more effectively manage the security of your application. 

For more information, see Security tab of the Application Definition.