Published Release Notes

Enabling historical compliance score data

Project stakeholders can now track the compliance score for an application over time to better understand and manage ongoing development adherence to Pega 7 Platform guardrails. The compliance score history can be displayed on a line graph on the Compliance Score tab of the Application Guardrails landing page. The data is collected daily and displayed in weekly increments, up to four weeks prior to the current date.

For more information, see Guardrails compliance score, Enabling compliance score history, and Compliance score trend reporting.

Application Sizing Wizard worksheet template now includes business impact

A column for business impact has been added to the project sizing template used by the Application Sizing Wizard. Project owners can now incorporate this assessment into their project sizing.

New Business impact optimization dashboard

On the Analysis tab of the Application Profile landing page, you can now enable historical specification count and implementation progress by complexity and business impact. On the Business impact optimization dashboard, you can view counts of specifications by complexity and business impact. You can also view counts, by business objective, of specifications that have been implemented and for those not yet implemented. You can filter specifications by release and iteration.

For more information, see Viewing specifications by complexity, impact, and business objective, and Associating project specifications with business impact and complexity.

Improvements to the Document Application tool

Application profile documents and application documents generated by the Document Application tool have been improved to present information in a more logical order based on how the application was built (for example, by case life-cycle management). Also, these types of documents now include all specifications linked with an implementation rule, presented in logical order under the implementation rule.

In addition, to help you more efficiently drive decisions by stakeholders, you can specify whether to include related built-on application layer assets in application profile documents and application documents. For specification documents, you can specify whether to include specifications from the built-on application layer.

For more information, see Document Application tool.

Add custom HTTP response headers in your application

The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.

For more information, see Creating a custom application header. 

Associate specifications on implementation rule forms

You can now view, add, and delete the specifications that are associated with a rule on the new Specifications tab of most rule forms. The Specifications tab is available for almost all implementation rules, except for administrative and deprecated rule types. By associating specifications with the rules that implement them, you improve the end-to-end traceability of your specifications.

For more information, see Associating specifications on implementation rule forms.

Attribute-based access control model

Attribute-based access control (ABAC) is a security authorization model in which access rights are determined through the use of policies and attributes. A policy decision engine in ABAC evaluates digital policies against available data (attributes) to permit or deny access to the requested resource. For example, you can now determine access rights to cases by examining security attribute values assigned to the user and the case.

For more information, see Attribute-based access control.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

Token credentials authentication service

You can create a new type of authentication service for token credentials authentication, which is useful for offline mobile applications. With token credentials authentication, users need to enter their credentials only once in a session. Subsequent access to the server is authenticated with a token. The token can be generated by the Pega Platform™ authorization layer (OAuth 2.0) or issued by an external identity provider.

For more information, see Configuring a token credentials authentication service.