Published Release Notes

Page assertions are supported for PegaUnit test cases

You can now create page assertions for PegaUnit test cases. Because data transforms and activities can create or remove pages, you can configure page assertions to determine whether a page exists after you run PegaUnit test cases.

For more information, see Configuring page assertions.

Authenticate REST data sources by using OAuth 2.0

You can now authenticate the data sources that are created from your REST integration by configuring OAuth 2.0 authentication in the New REST Integration wizard. You can specify or create an OAuth 2.0 authentication profile in the wizard by using the client credentials or authorization code grant type.

For more information, see OAuth 2.0 in REST integration.

Pega Composite Gateway not required for Pega Web Mashup

The Pega Composite Gateway servlet (prgateway.rar file) is no longer required for Pega Web Mashup gadgets. You can now use web mashups without deploying the Gateway. Support for the Gateway will continue, but it is a best practice not to use it for the Pega Web Mashup in Pega 7.2.1 and later versions.

New hashing algorithm for Password property types

To provide extra protection against brute-force attacks, a new hashing algorithm has been added to the Pega 7 Platform. Bcrypt is used as a default hashing algorithm for Password property types. The bcrypt key setup algorithm takes a long time to process. This means that potential attackers would have to spend a substantial amount of time testing every possible key.

For more information, see Using the bcrypt hashing algorithm for Password property types.

Discovery features for access control policies

Access control policies now support discovery features that allow end users to view limited, customizable information about class instances that fail Read policies but satisfy Discover policies. Two types of Discovery gadgets are provided, and when discovery features are enabled, a Discovery gadget is included in the Report Viewer and in search results. Developers can customize these gadgets and include them in other parts of an application user interface.

For more information, see Discovery features for access control policies.

Update and delete actions available in access control policies

Access control policies support update and delete actions on objects. These actions control which specific instances of a class can be created, updated, or deleted by an end user in a case.

For more information, see Creating an access control policy.

Customized data imports

You can now further customize the data import process in Data Designer by:

• Setting a default import purpose and preventing the selection of an import purpose to speed up frequent imports of the same kind
• Removing the import purposes that you do not need for your data type
• Defining a default field mapping between the fields in the .csv file and the fields in your data type that act as a unique identifier (key), to save time during the import process
• Skipping the import progress screen and showing progress contextually within your application
• Including the link for data import anywhere in your application or calling it in the background from a service or agent

For more information, see Data import customization.

Enhanced data imports

The data import process in Data Designer has been enhanced to give you more options. You can now import case types, save and use templates for field mapping, add data without updating existing data, specify date and time formats, and reprocess erroneous records by downloading a .csv file that lists the errors in your data import. You can also adjust the data import wizard to the context where it is included.

For more information, see Data import enhancements. 

Terminate sessions for operators from outside the Pega 7 Platform

The newly added Users REST API allows an authorized administrator to terminate sessions for one or more operator IDs from outside the Pega^® 7 Platform. A typical use case for this API is to terminate a user’s session when the user's security credentials, which are stored externally, are known to have changed.

Access the Pega API by clicking Resources > Pega API.

Conditional filter logic supported in access control policy conditions

In the Access Control Policy Condition rule form, you can now add conditional logic that allows you to apply different access control policy conditions based on different situations, such as different types of users. The policy condition filters that are enforced  are based on the results of Access When rules. Conditional filters can be configured to allow certain highly privileged users to bypass access control security in certain situations. This is accomplished by entering an Access When but leaving the conditional logic field blank.  When such a filter is applied to a read access policy it also should be applied to the corresponding discover policy.

For more information, see Creating an access control policy condition.