Enabling security policies now requires current password
Valid from Pega Version 7.1.3
As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced. When Security Policies have been enabled for your system, new users and users whose passwords have expired are now prompted for both their existing password and their desired new password.
For more details, review the Designer Studio > System > Settings > Security Policies landing page.
Application Express and the Content Security Policy
Valid from Pega Version 7.1.7
When creating a new application, Application Express copies the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application, if one is defined. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.
When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.
Password hashing using SHA-256/SHA-512
Valid from Pega Version 7.1.7
Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.
Using SHA-256/SHA-512 hashing when creating or upgrading a password hash produces a stronger hash, making it extremely difficult and time-consuming to recover the original passwords from the hash values stored in the database.
Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting to a previous version of Pega 7 is not advised, because passwords hashed with SHA-256/SHA-512 will then fail to verify.
See About password hashing for more information.
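The upgrade path the note describes, as an added illustration that is not Pega's own code: a stored hash is tagged with its algorithm, a legacy MD5/SHA-1 record is rehashed with SHA-256 on the next successful login, and a verifier that only knows the pre-7.1.7 algorithms rejects the upgraded record, which is the failure the reversion caveat warns about. The "algo$salt$digest" storage format and the per-record salt are assumptions made for this example, not Pega's on-disk format.

```python
import hashlib
import hmac
import os

# Constructed storage format for illustration only: "<algo>$<salt_hex>$<digest_hex>".
# This is NOT Pega's format; it only models the behaviour the release note describes.
LEGACY_ALGOS = ("md5", "sha1")
SUPPORTED_BY_717 = ("md5", "sha1", "sha256", "sha512")
SUPPORTED_BEFORE_717 = ("md5", "sha1")  # what a reverted (pre-7.1.7) system still understands


def hash_password(password, algo="sha256", salt=None):
    """Create a stored record for `password` using the named hash function (salt is an assumption)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.new(algo, salt + password.encode("utf-8")).hexdigest()
    return f"{algo}${salt.hex()}${digest}"


def verify(stored, password, supported=SUPPORTED_BY_717):
    """Check `password` against a stored record; a verifier that does not know the algorithm cannot verify it."""
    algo, salt_hex, digest = stored.split("$")
    if algo not in supported:
        raise ValueError(f"unsupported hash algorithm: {algo}")
    salt = bytes.fromhex(salt_hex)
    expected = hashlib.new(algo, salt + password.encode("utf-8")).hexdigest()
    # Constant-time comparison so the check does not leak how many leading characters matched.
    return hmac.compare_digest(expected, digest)


def login_and_upgrade(stored, password):
    """Return (login_ok, new_record). A successful login against an MD5/SHA-1 record rehashes it with SHA-256."""
    if not verify(stored, password):
        return False, stored  # failed login: never touch the stored record
    algo = stored.split("$", 1)[0]
    if algo in LEGACY_ALGOS:
        return True, hash_password(password, "sha256")
    return True, stored
```

The upgrade only happens after a successful login because the plaintext is only available at that moment; records that are never used again stay on the legacy algorithm and should be handled by a forced password reset.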