Published Release Notes

Chrome support for editing specification descriptions in Word

If you use Google Chrome 42 and later, you can now create, save, and update specification descriptions even if you are not using the Microsoft Silverlight NPAPI plug-in.

The new Upload Word document as description option provides you with the functionality to upload a Word document that contains the specification description. In addition, you can use the Export to Word option to export the description that you entered in the rich text editor to a Word document.

Redesigned tool for documenting your applications

Use the newly designed Document Application tool to generate application profile documents, application documents, and specification documents. The Document Application tool provides a streamlined landing page for all document types, including custom templates, and replaces the Application Document wizard.

For more information, see Document Application tool and Enhancements to the Direct Capture of Objectives.

Improvements to the Document Application tool

Application profile documents and application documents generated by the Document Application tool have been improved to present information in a more logical order based on how the application was built (for example, by case life-cycle management). Also, these types of documents now include all specifications linked with an implementation rule, presented in logical order under the implementation rule.

In addition, to help you more efficiently drive decisions by stakeholders, you can specify whether to include related built-on application layer assets in application profile documents and application documents. For specification documents, you can specify whether to include specifications from the built-on application layer.

For more information, see Document Application tool.

Add custom HTTP response headers in your application

The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.

For more information, see Creating a custom application header. 

Associate specifications on implementation rule forms

You can now view, add, and delete the specifications that are associated with a rule on the new Specifications tab of most rule forms. The Specifications tab is available for almost all implementation rules, except for administrative and deprecated rule types. By associating specifications with the rules that implement them, you improve the end-to-end traceability of your specifications.

For more information, see Associating specifications on implementation rule forms.

Attribute-based access control model

Attribute-based access control (ABAC) is a security authorization model in which access rights are determined through the use of policies and attributes. A policy decision engine in ABAC evaluates digital policies against available data (attributes) to permit or deny access to the requested resource. For example, you can now determine access rights to cases by examining security attribute values assigned to the user and the case.

For more information, see Attribute-based access control.

New hashing algorithm for Password property types

To provide extra protection against brute-force attacks, a new hashing algorithm has been added to the Pega 7 Platform. Bcrypt is used as a default hashing algorithm for Password property types. The bcrypt key setup algorithm takes a long time to process. This means that potential attackers would have to spend a substantial amount of time testing every possible key.

For more information, see Using the bcrypt hashing algorithm for Password property types.

Discovery features for access control policies

Access control policies now support discovery features that allow end users to view limited, customizable information about class instances that fail Read policies but satisfy Discover policies. Two types of Discovery gadgets are provided, and when discovery features are enabled, a Discovery gadget is included in the Report Viewer and in search results. Developers can customize these gadgets and include them in other parts of an application user interface.

For more information, see Discovery features for access control policies.

Update and delete actions available in access control policies

Access control policies support update and delete actions on objects. These actions control which specific instances of a class can be created, updated, or deleted by an end user in a case.

For more information, see Creating an access control policy.

Terminate sessions for operators from outside the Pega 7 Platform

The newly added Users REST API allows an authorized administrator to terminate sessions for one or more operator IDs from outside the Pega^® 7 Platform. A typical use case for this API is to terminate a user’s session when the user's security credentials, which are stored externally, are known to have changed.

Access the Pega API by clicking Resources > Pega API.