Enabling security policies now requires current password
Valid from Pega Version 7.1.3
As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced. When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.
For more details, review the Designer Studio > System > Settings > Security Policies landing page.
Access Manager portal
Valid from Pega Version 7.1.5
Changes to the Access Manager simplify the process of modifying the access rights of features for an application. The changes, including creation of an Access Manager portal, make it easier for non-technical users, such as business architects, to set access rights even if they may not have a deep understanding of Pega 7's security model and class inheritance structure.
Application Express and the Content Security Policy
Valid from Pega Version 7.1.7
Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.
When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.
Password hashing using SHA-256/SHA-512
Valid from Pega Version 7.1.7
Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.
Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.
Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.
See About password hashing for more information.
Support for custom pre- and post-JavaScript processing for offline flow actions
Valid from Pega Version 7.1.9
Developers of an offline-enabled mobile app can execute basic business logic before and after a flow action is rendered by adding their own JavaScript code into a custom user scripts bundle. Its functions must be called within a try
/catch
clause. The JavaScript code, to be executed before a flow action is rendered, is always called afterClientCache is called and before DisplayHarness is called.
Conditional online and offline map display
Valid from Pega Version 7.1.9
The way an Address Map control behaves in a offline-enabled mobile app has changed. When a mobile app is online, a live Google map is loaded as expected. If the mobile app goes offline, a predefined image of a map is loaded instead.
Troubleshooting Pega Mobile Client on the login screen
Valid from Pega Version 7.1.9
An offline mobile developer can now troubleshoot issues that are not related to incorrect credentials when signing in to the Pega Mobile Client app. On the app login screen, an alert box displays where the user can click a link to examine current log files to troubleshoot the issue. The contents of the displayed log file can be filtered.
For more information, see Troubleshooting Pega Mobile Client.
New Pega Mobile Client debugging options
Valid from Pega Version 7.1.9
The Mobile tab on the Application form contains two new options: a check box for enabling debugging in the Pega Mobile Client app, and a drop-down field for setting the log level to one of the following levels: Silent, Error, Warning, Info, or Debug.
For more information, see Mobile settings reference.
Ability to view a PDF file while offline
Valid from Pega Version 7.1.9
Users of offline-enabled mobile apps can now tap a button to view a PDF file, regardless of whether the user is online or offline. The associated button, link, or icon must have a Run Script action defined that calls the pega.ui.pdf.view()
function with two parameters: applicationName
and pdfName
. The PDF file itself must be uploaded to a Rule-File-Binary rule.
For more information, see How to set up viewing of PDF file while offline.
Building a Pega Mobile Client with custom modules
Valid from Pega Version 7.1.9
When you build a Pega Mobile Client mobile app using the Pega 7 Platform, you can now include Android or iOS custom modules. The custom modules must be included in the assets.zip
file that contains the Pega Mobile Client branding and customization details.
For more information, see Building a mobile web app into a hybrid mobile app.