Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Access Manager portal

Changes to the Access Manager simplify the process of modifying the access rights of features for an application. The changes, including creation of an Access Manager portal, make it easier for non-technical users, such as business architects, to set access rights even if they may not have a deep understanding of Pega 7's security model and class inheritance structure.​

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

Support for custom pre- and post-JavaScript processing for offline flow actions

Developers of an offline-enabled mobile app can execute basic business logic before and after a flow action is rendered by adding their own JavaScript code into a custom user scripts bundle. Its functions must be called within a try/catch clause. The JavaScript code, to be executed before a flow action is rendered, is always called afterClientCache is called and before DisplayHarness is called.

Conditional online and offline map display

The way an Address Map control behaves in a offline-enabled mobile app has changed. When a mobile app is online, a live Google map is loaded as expected. If the mobile app goes offline, a predefined image of a map is loaded instead.

Troubleshooting Pega Mobile Client on the login screen

An offline mobile developer can now troubleshoot issues that are not related to incorrect credentials when signing in to the Pega Mobile Client app. On the app login screen, an alert box displays where the user can click a link to examine current log files to troubleshoot the issue. The contents of the displayed log file can be filtered.

For more information, see Troubleshooting Pega Mobile Client.

New Pega Mobile Client debugging options

The Mobile tab on the Application form contains two new options: a check box for enabling debugging in the Pega Mobile Client app, and a drop-down field for setting the log level to one of the following levels: Silent, Error, Warning, Info, or Debug.

For more information, see Mobile settings reference.

Ability to view a PDF file while offline

Users of offline-enabled mobile apps can now tap a button to view a PDF file, regardless of whether the user is online or offline. The associated button, link, or icon must have a Run Script action defined that calls the pega.ui.pdf.view() function with two parameters: applicationName and pdfName. The PDF file itself must be uploaded to a Rule-File-Binary rule.

For more information, see How to set up viewing of PDF file while offline.

Building a Pega Mobile Client with custom modules

When you build a Pega Mobile Client mobile app using the Pega 7 Platform, you can now include Android or iOS custom modules. The custom modules must be included in the assets.zip file that contains the Pega Mobile Client branding and customization details.

For more information, see Building a mobile web app into a hybrid mobile app.