Published Release Notes

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Offline mobile apps require Dynamic Container to use frameless Single Document mode

You can add a Dynamic Container (DC) directly into a Dynamic Layout cell. When creating a custom mobile app with offline capability, you must use the frameless Single Document mode of DC.

Note that mobile offline capability does not support using a framed Single Document mode.

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

Support for large reference data in offline mobile apps

A data page in a Pega 7 Platform mobile application with offline capability enabled can now be marked as a large data page. This feature improves performance significantly when you have a large amount of data in which only individual records change.

In this situation, after the initial sync to the mobile app, only the changes in the large data page are synced instead of the entire large data page. The database table is created for such large data pages in the encrypted SQLite database on the device. Changes such as add, delete, or update are reconciled as row-level updates. Furthermore, you can use JavaScript to query against this data. A large referenced data page is supported by list-based components such as repeating dynamic layout, auto-complete, a dropdown list, and radio button.

Support for offline and online cases in a single mobile app

A single offline-enabled application can now support both the creation and processing of online-only and offline-ready cases.

For online-only cases, a list of both the offline and online cases is always available. Case assignment and processing is performed on the server so that a case is available only when the device is connected to the Internet or to data. When a connection is not available for processing an online-only case, an error message is displayed.

For offline-ready cases, a user can open an assignment and perform tasks on that case. There is also an option to explicitly display a harness from a server instead of a client store.

Offline mobility improvements

Several offline mobility improvements have been made in this release. Additional use cases have been added for configuring offline-enabled mobile apps at design time. Read-only grids with limited features are now supported offline. You can configure auto-populated properties, and you can create work with parameters. It is also possible to open work by handle. You can use decision shapes with Boolean expressions (no when rules) in screen flows. Barcode scanning is now available in offline mode.

Mobile user interface updates

Several improvements have been made to the mobile-related user interface of the Pega 7 Platform. The content of the Mobile tab on the Application rule form has been redesigned. The Offline Configuration and Mobile Certificates landing pages are now available. The Signature Capture control has improved. Post-processing can now occur after the signature has been captured. You can auto-submit with the form submit. You can apply the signature to a page instead of applying it as an attachment to the case. The clear action completely removes the signature from the work object, keeping only the latest iteration of the signature. Touch interactions have been significantly improved. Response time is faster and there is better feedback on the touch action.

All search data is encrypted

All search data in Pega Cloud deployments is now encrypted, both at rest and in transit. The encryption of search data makes search compliant with regulatory requirements.

For more information about search, see Full-text search.

Authentication service for basic credentials

A new type of authentication service is available for authenticating operators by using basic credentials (user ID and password). The default Pega Platform™ login is now an instance of this type of authentication service. All basic credentials authentication services include mobile authentication with the OAuth 2.0 protocol and Proof Key for Code Exchange (PKCE). You no longer have to create a custom authentication service to support mobile applications.

For more information, see Configuring a basic authentication service.

Unauthenticated sessions transition seamlessly to authenticated

A new authentication service type allows a guest user to use an application without logging in, and to be prompted to authenticate later in the session. This enhancement supports scenarios such as online shopping portals where a user can browse for items and load a shopping cart as a guest but be prompted for credentials at checkout.

For more information, see Configuring an anonymous authentication service.