Published Release Notes

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Tracked changes persist between client sessions

The Microsoft Word native change tracking feature persists between client sessions for specifications. Enable this feature to facilitate collaborative reviews of your specifications with project stakeholders.

Inserting your specification updates as tracked changes allows you to:

• Provide visible markup to the next reviewer.
• Correlate edits to a specific user and time.
• Generate documents that include markup and comments.

Local settings, such as the colors you specify for markup, do not persist between clients.

For instructions on how to prevent markup and comments from appearing in generated documents, see Advanced options for editing specifications.

Add multiple attachments at once

You can now add more than one attachment to a requirement or specification at a time, without closing the Add/Edit Attachment modal dialog box. Use the traditional browse method to upload an attachment or drag and drop a local file, based on your needs. View and access your attachments from the Application Profile landing page, Requirement form, or Specification form.

Plan projects using release data

Requirements and specifications can now be mapped to a target release and iteration within a specific release. Populating these fields allows you to set and publish a release schedule through worksheets generated by the Sizing wizard. Access these fields from the Application Profile landing page or by opening any requirement or specification.

The Release and Iteration fields as they appear in a specification and a corresponding worksheet

The Sizing wizard incorporates values from the Release and Iteration fields for specifications only.

Specification type extended for decisioning users

Specifications now support a Decision Strategy Manager (DSM) type. This allows you to map your specifications to a decisioning component, such as a strategy or model. After you select an appropriate subtype and provide relevant metadata, you can run the Sizing wizard to incorporate these details into project sizing worksheets.

DSM specification details as they appear in the Specification form and Sizing wizard output

You must have access to Decision Management rulesets to create DSM specifications. For more information on specification types, refer to the Details tab of the Specification form. To view all specifications in your application, filtered by type, refer to the Application Profile landing page.

Add collections as linked implementations

You can now identify a collection or individual steps within a collection as an implementation of a specification. Linking specifications to rules allows you to more accurately convey your application design to project stakeholders. Use the Specifications tab on the Collection form to create these links.

To see all implementations for a given specification, refer to the Application Profile landing page or the Implementations tab of the Specification form.

Add project branding to generated documents

The standard Word Template for specification descriptions is now extensible. Using a customized template allows you to brand your generated documents with project-specific elements.

Specialize the Rule-Application-UseCase.pySpecificationDescription rule to:

• Include relevant images such as company logos.
• Define static text.
• Insert dynamic elements by merging clipboard values into field codes.

Generated document with custom company logo

Refer to Advanced options for editing specifications for instructions on how to override this template.

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

Addition of Data Access Tab to access control policy condition rules

You can now select associations and declarative index classes when creating access control policy condition rules. The Column source field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new Data Access tab. 

Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.

The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model. 

For more information, see Creating an access control policy condition.

Addition of Servlet Management

Pega Platform™ now has Servlet Management in Pega Cloud® Services, which provides a simple and secure way to make changes to Pega Platform servlet definitions.

Servlet Management provides Pega Cloud Service clients with solutions to manage servlet configurations with self-service options. This reduces the cycle time for delivering configuration changes in Pega Cloud Service installations while also improving upgrade reliability. 

For more information, see Servlet management.

Upgrade impact

Clients with no application servlet customizations will not experience an impact. If you upgrade from Pega Platform version 8.5 or earlier and, prior to the upgrade, the Pega Cloud team provided your application servlet customizations, then following the upgrade, you must manually add, remove, or modify your servlet customizations in your upgraded application using this servlet management landing page in Pega Platform.

What steps are required to update the application to be compatible with this change?

To manually move your pre-upgrade servlet customizations as appropriate or add new ones to your upgraded application using the new servlet management landing page, follow the steps in Adding a servlet.