Published Release Notes

Add custom HTTP response headers in your application

The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.

For more information, see Creating a custom application header. 

Attribute-based access control model

Attribute-based access control (ABAC) is a security authorization model in which access rights are determined through the use of policies and attributes. A policy decision engine in ABAC evaluates digital policies against available data (attributes) to permit or deny access to the requested resource. For example, you can now determine access rights to cases by examining security attribute values assigned to the user and the case.

For more information, see Attribute-based access control.

Support for the decisioning-enabled NLP text analyzer in IVAs and Email Bots

You can now use the new intelligent natural language processing (iNLP) text analyzer in Pega Intelligent Virtual Assistants™ (IVAs) and Pega Email Bots™. This advanced text analyzer is decisioning-enabled and empowers IVA or Email Bot for all conversational channels to provide smarter responses. The decisioning capability in the system integrates text analytics with strategies, prepositions, and interaction history, to provide the context for making better next-best-action decisions.

For more information, see Use the decisioning-enabled NLP text analyzer in IVAs and Email Bots, Defining advanced Facebook text analyzer configuration and Facebook channel behavior.

Upgrade impact

Existing channels remain with the current configuration, and their current functionality does not change. Channels created after the upgrade automatically use the new text analyzer.  

What steps are required to update the application to be compatible with this change?

The new text analyzer is enabled or disabled using a new interactive API (iAPI) selection, which is selected by default for new channels. You can disable the iAPI for new channels if you want to maintain current functionality. You can also enable it for existing channels if you want to move existing channels to the new functionality.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

Support for multiple work queues in the Email Manager portal

Pega Email Bot™ now provides multiple work queues in the Email Manager portal. With this functionality, operators, such as customer service representatives, can now triage cases more efficiently by selecting different work queues. Operators have access to work queues only for the current Pega Platform™ application.

For more information, see Email Manager portal.

Automatic model training when mapping entities to case properties in Email Bot

You can now initiate automatic feedback to entity models in Pega Email Bot™, during manual mapping of email content to a case property.

To enable automatic feedback, you set the Work-Channel-Triage.pyIsRuntimeFeedback rule to true in Pega Platform™. By default this feature is disabled. Enabling this feature ensures that the email bot is more responsive by automatically copying detected entities, such as names, locations, dates, and ZIP codes, to case type properties of a case type.

For more information, see Email triage, Email channel NLP model and Enabling the NLP model training for the email channel.

Improved rich user interface controls in IVA for Web Chatbot

In Pega Intelligent Virtual Assistant™ (IVA) for Web Chatbot, you can use additional rich user interface controls, such as the time and date picker or a simple form, to help users accomplish tasks more quickly and to limit errors. IVA for Web Chat can now also display a welcome message in the chat window, for example, to inform the user about the person with whom they are chatting.

For more information, see Streamline conversations in IVA for Web Chatbot with rich user interface controls.

Upgrade impact

The new Ul controls for Web Chatbot are enabled by default upon upgrade. If you do not want the controls enabled, you must disable them.

Also, if you have changed the styles for the welcome message, you may need to make changes to the welcome message to incorporate the new areas in the bot conversation area (such as quick replies).

What steps are required to update the application to be compatible with this change?

Existing channels will behave as they did previously, so you should determine whether you want to use the new UI controls. If you want to use the new Ul controls, configure the new design-time options.

If you have changed the default styles for the welcome message, review the new settings to ensure that the welcome message is configured properly. 

Token credentials authentication service

You can create a new type of authentication service for token credentials authentication, which is useful for offline mobile applications. With token credentials authentication, users need to enter their credentials only once in a session. Subsequent access to the server is authenticated with a token. The token can be generated by the Pega Platform™ authorization layer (OAuth 2.0) or issued by an external identity provider.

For more information, see Configuring a token credentials authentication service.

Platform truststore for validating certificates

Pega Platform™ now includes a platform truststore, to which you can import X.509 certificates that are common across platform applications. When a certificate needs to be validated, Pega Platform looks for the certificate at the connector level, then in the platform truststore, and finally in the application server (JVM) truststore. You can add, update, and delete certificates in the platform truststore without having to restart the server, which is useful when TLS certificates are changed for reasons such as key rotation.

For more information, see Importing an X.509 certificate.