Published Release Notes

Enabling historical compliance score data

Project stakeholders can now track the compliance score for an application over time to better understand and manage ongoing development adherence to Pega 7 Platform guardrails. The compliance score history can be displayed on a line graph on the Compliance Score tab of the Application Guardrails landing page. The data is collected daily and displayed in weekly increments, up to four weeks prior to the current date.

For more information, see Guardrails compliance score, Enabling compliance score history, and Compliance score trend reporting.

Application Sizing Wizard worksheet template now includes business impact

A column for business impact has been added to the project sizing template used by the Application Sizing Wizard. Project owners can now incorporate this assessment into their project sizing.

New Business impact optimization dashboard

On the Analysis tab of the Application Profile landing page, you can now enable historical specification count and implementation progress by complexity and business impact. On the Business impact optimization dashboard, you can view counts of specifications by complexity and business impact. You can also view counts, by business objective, of specifications that have been implemented and for those not yet implemented. You can filter specifications by release and iteration.

For more information, see Viewing specifications by complexity, impact, and business objective, and Associating project specifications with business impact and complexity.

All search data is encrypted

All search data in Pega Cloud deployments is now encrypted, both at rest and in transit. The encryption of search data makes search compliant with regulatory requirements.

For more information about search, see Full-text search.

Authentication service for basic credentials

A new type of authentication service is available for authenticating operators by using basic credentials (user ID and password). The default Pega Platform™ login is now an instance of this type of authentication service. All basic credentials authentication services include mobile authentication with the OAuth 2.0 protocol and Proof Key for Code Exchange (PKCE). You no longer have to create a custom authentication service to support mobile applications.

For more information, see Configuring a basic authentication service.

Unauthenticated sessions transition seamlessly to authenticated

A new authentication service type allows a guest user to use an application without logging in, and to be prompted to authenticate later in the session. This enhancement supports scenarios such as online shopping portals where a user can browse for items and load a shopping cart as a guest but be prompted for credentials at checkout.

For more information, see Configuring an anonymous authentication service.

Create single sign-on authentication services from App Studio

You can create and enable single sign-on (SSO) authentication services from a new landing page in App Studio. From this new landing page you can also configure new SAML and OpenID Connect authentication services to provision users. For more information, see Creating a SAML SSO authentication service and Creating an OIDC SSO authentication service.

Protect against insecure deserialization

Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by using filters that prevent deserialization of suspect data streams. You can configure these filters from the Deserialization Blacklist landing page.

For more information, see Configuring the deserialization filter.