Published Release Notes

Integrated Application Security Checklist helps you deploy a secure application

Pega^® Platform now provides an Application Security Checklist that you can refer to when you prepare your application for deployment. By completing the recommended tasks in this checklist, you can track your progress, access instructional information for tasks, and verify that your configurations are secure.

For more information, see Preparing your application for secure deployment, Compliance Score tab, Designer Studio — Home page.

Attach Content control enhancements

You can now use the Attach Content control in Pega^® Platform to configure compression options that limit the size of files created on a mobile device. For example, you can choose from predefined settings to limit video duration or image size. These settings apply when the user records a new video or takes a new photo, but they do not apply to prerecorded media.

Also, when attaching content to a custom mobile app, users can now select any type of file from any source that is available in the device's native file picker component.

For more information, see Configuring file size options for the Attach content control.

Encrypt sensitive case data by using a secure default Pega Platform cipher and AWS KMS keys

You can encrypt sensitive data within your application without having to write custom cipher classes. You can configure encryption on the Data Encryption landing page by using your own keys managed in your private Amazon Web Services Key Management Service (AWS KMS) instance. Pega^® Platform encryption uses keys that are stored in AWS KMS to support both time-based and on-demand key rotation. Technical issues can arise in some cases, for example, if a key is deleted from AWS KMS.

For more information, see Potential problems with keystores when using AWS KMS, Configuring a Platform cipher, Types of ciphers.

Change passwords from Pega Mobile Client

You can now change your Pega^® Platform password from a mobile device. After your password expires and you try to log in to a custom mobile app, Pega Mobile Client lets you define a new password and verifies it against active password policies.

For more information, see Enabling security policies.

Advance cases from a push notification screen

You can now approve and reject Pega^® Platform cases from your mobile device without opening a custom mobile app. Push notifications that you receive on a mobile device now display buttons that allow you to advance a case.

For more information, see Notifications.

Post Pulse messages to cases from a push notification screen

If your mobile device uses Android 7.0 or later, or iOS 9.0 or later, you can now respond to Pulse messages in Pega^® Platform cases without opening a custom mobile app. Push notifications received on a mobile device now display a Reply button so that you can respond immediately to the notification.

For more information, see Notifications.

Support for optimization of offline packaging during synchronization

You can now optimize offline packaging during full and delta synchronization of an offline-enabled application. Enabling this option for an offline-enabled application means that a case is packaged during delta synchronization only when a new work item for the case is added to the user's worklist and the case was not previously packaged during full or delta synchronization. The case is packaged during full synchronization only when the work item for the case exists in the user's worklist. This feature is useful in field service applications where field service agents usually work on existing assignments and do not need to create new cases.

For more information, see Offline packaging optimization during synchronization.

REST services support password credentials and JWT Bearer grant types

Pega^® Platform REST services now support password credentials and the JWT (JSON Web Token) Bearer grant type when you enable OAuth 2.0-based authentication. By using password credentials, you can quickly migrate clients from direct authentication schemes, provide additional flexibility when other grants are not available, and integrate your application with REST services in other applications. You can add compatibility with modern JWT-based cloud security IDPs by using the JWT Bearer grant type.

For more information, see About OAuth 2.0 Provider data instances, OAuth 2.0 Client Registration data instances - Completing the Client Information tab, Creating an Identity Mapping data instance.

Add the security checklist to applications created before 7.3.1

The security checklist is now automatically added to applications. You can manually add the security checklist to applications that were created in earlier versions.

You can improve the security of your application by completing the tasks on the checklist.

The following task reflects the procedure on how to manually add the security checklists to Designer Studio prior to 7.3.1:

1. In the header of Designer Studio, click the name of the application, and then click Definition.
2. Click the Documentation tab.
3. In the Application guides section, click Add guide.
4. In the Application guide& field, enter pxApplicationSecurityChecklist.
5. Click the Configure icon in the Available in column and select the portals (App Studio and Dev Studio) that you want to add the security checklist to.
6. Click Save.

Addition of Data Access Tab to access control policy condition rules

You can now select associations and declarative index classes when creating access control policy condition rules. The Column source field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new Data Access tab. 

Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.

The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model. 

For more information, see Creating an access control policy condition.