Published Release Notes

All search data is encrypted

All search data in Pega Cloud deployments is now encrypted, both at rest and in transit. The encryption of search data makes search compliant with regulatory requirements.

For more information about search, see Full-text search.

Authentication service for basic credentials

A new type of authentication service is available for authenticating operators by using basic credentials (user ID and password). The default Pega Platform™ login is now an instance of this type of authentication service. All basic credentials authentication services include mobile authentication with the OAuth 2.0 protocol and Proof Key for Code Exchange (PKCE). You no longer have to create a custom authentication service to support mobile applications.

For more information, see Configuring a basic authentication service.

Unauthenticated sessions transition seamlessly to authenticated

A new authentication service type allows a guest user to use an application without logging in, and to be prompted to authenticate later in the session. This enhancement supports scenarios such as online shopping portals where a user can browse for items and load a shopping cart as a guest but be prompted for credentials at checkout.

For more information, see Configuring an anonymous authentication service.

Create single sign-on authentication services from App Studio

You can create and enable single sign-on (SSO) authentication services from a new landing page in App Studio. From this new landing page you can also configure new SAML and OpenID Connect authentication services to provision users. For more information, see Creating a SAML SSO authentication service and Creating an OIDC SSO authentication service.

Protect against insecure deserialization

Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by using filters that prevent deserialization of suspect data streams. You can configure these filters from the Deserialization Blacklist landing page.

For more information, see Configuring the deserialization filter.

Changes to the Attach Content control in Pega Client for Windows

Users who access offline-enabled Pega Platform™ applications from Pega Client for Windows can now use the Attach Content control within a case view to attach files with a native file picker control or take screenshots with a device camera. Images are immediately attached to the case, and image file names are based on a time stamp. If a device has no camera, the client skips the source selection step and the native file picker control opens.

For more information, see Harness and Sections forms – Adding an Attach Content control.

Manage test ID access with an access group role

Test IDs for user interface components are available only to users who have the PegaRULES:TestID role added to their access group. This requirement allows administrators to limit access to test IDs to users who create or run tests. At run time, applications do not include the test ID data for users without the PegaRULES:TestID role, which reduces the amount of code that is downloaded to the client.

For more information see Managing Test ID access with an access group role

Text file rules support the Google Closure Compiler

Text file rules support Google Closure Compiler as the default option for minification of JavaScript code. Minification reduces the size of JavaScript in text file rules for faster download. Access the Closure Compiler by selecting it in the Minification menu in a text file rule. For more information, see Text File rules - Completing the Main tab.

Date range option added to DateTime control

The autogenerated DateTime control, used in forms, now features a custom date range option in the calendar picker. To specify a time period, click the From date and To date fields on an interactive calendar overlay. This input method is both convenient and mobile-friendly.

Enhancements to the AJAX container

It is now possible to set a document limit for an AJAX container, between 2 and 16 to control the number of documents opened by users. To reduce development time, you can also choose a new option to have no default view. The multidocument mode features tabbed navigation so that users can switch between open documents. A tabless container, on the other hand, includes an out-of-the-box navigation action for Home, which helps application users move within the portal.

For more information, see Configuring the AJAX container.