Published Release Notes

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

New property pxCommitDateTime

A new property, pxCommitDateTime, records the time when a record or updated rule was committed to the database. This property also allows for incremental extracts when running BIX.

Report Browser removed from Designer Studio

The Report Browser and Access landing page have been removed from Designer Studio. In Designer Studio, developers can create, edit, and test reports by using the Report Definition rule form.

The Report Browser is still available in the Case Manager portal.

BIX performance improvements for CSV output in the Pega Cloud

BIX performance has been enhanced to download up to 25 GB of data per hour for extracts from a BLOB-less class table for CSV output. This high-throughput option is available only for Pega Cloud instances that use a Postgres database. This option is used automatically for these types of extracts.

When this option is used, the –x and –c command-line options for BIX are not supported, and the checkSum field in the manifest summary is not populated. If you need these options, you can revert to the previous implementation by using a setting in the prconfig.xml file.

For more information, see BIX high-throughput data downloads in the Pega Cloud.

Add custom HTTP response headers in your application

The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.

For more information, see Creating a custom application header. 

New property pxSaveDateTime

A new property, pxSaveDateTime, records the date and the time that an instance was saved with business changes to the database. This property is always used when an instance is saved, whether you are creating an instance or updating an existing instance. This property is not updated when an instance is moved from one system to another, and it is not updated during certain system management operations that do not change the content of the instance, such as column exposure.

Attribute-based access control model

Attribute-based access control (ABAC) is a security authorization model in which access rights are determined through the use of policies and attributes. A policy decision engine in ABAC evaluates digital policies against available data (attributes) to permit or deny access to the requested resource. For example, you can now determine access rights to cases by examining security attribute values assigned to the user and the case.

For more information, see Attribute-based access control.

Case-insensitive filtering in reports

Filtering in reports is now case-insensitive, improving the reporting and searching experience. You can turn off case-insensitive filtering, for example, by using an activity. You might want to do this if your index is too big or if the length of time it takes for indexing impacts performance.

For more information on report filtering, see Editing filter conditions.

All search data is encrypted

All search data in Pega Cloud deployments is now encrypted, both at rest and in transit. The encryption of search data makes search compliant with regulatory requirements.

For more information about search, see Full-text search.

Authentication service for basic credentials

A new type of authentication service is available for authenticating operators by using basic credentials (user ID and password). The default Pega Platform™ login is now an instance of this type of authentication service. All basic credentials authentication services include mobile authentication with the OAuth 2.0 protocol and Proof Key for Code Exchange (PKCE). You no longer have to create a custom authentication service to support mobile applications.

For more information, see Configuring a basic authentication service.