Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

Enabling security policies now requires current password

Valid from Pega Version 7.1.3

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Application Express and the Content Security Policy

Valid from Pega Version 7.1.7

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Password hashing using SHA-256/SHA-512

Valid from Pega Version 7.1.7

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

SAML single sign-on is easier to configure

Valid from Pega Version 7.4

Implementing SAML single sign-on (SSO) login authentication in your application is now less complex. You can now configure most requirements that used custom activities or Java code in previous releases from the Authentication services form.

For more information, see Creating an authentication service.

Configure role dependencies to grant access rights

Valid from Pega Version 7.4

You can configure role dependencies in a role to grant access rights, which are inherited from the role. Role dependencies are relationships between roles that mirror an organization hierarchy or a more complex relationship among groups of operators, roles, or functional areas. Use role dependencies to simplify role configuration, minimize the number of roles needed by an access group, and minimize the number of privileges that you have to manually define for roles in your application.

For more information, see Access Role rules, Access Role form – Using the Role tab.

Improved operator security

Valid from Pega Version 7.4

To improve security, Pega® Platform now requires the following:

  • During deployment, you must configure a password for administrator@pega.com.
  • The administrator must enable new out-of-the-box operators.
  • The administrator and new Pega-supplied operators must change their passwords after the first login.

These requirements replace the optional secured mode in earlier versions of Pega Platform.

Multifactor authentication now supports SMS

Valid from Pega Version 7.4

Multifactor authentication now supports short message service (SMS) as well as email. Amazon Simple Notification Service (SNS) is supported as a provider.

For more information, see Security policies settings.

Operator provisioning is supported by SAML and OpenID Connect authentication services

Valid from Pega Version 7.4

When you use SAML and OpenID authentication services, operators can be automatically provisioned without the need to write custom activities. Users can now be authenticated and provisioned from authentication providers that adhere to the OpenID Connect specification, such as Auth0, NetIQ, and Google.

For more information, see Configuring operator provisioning for a SAML SSO authentication service and Configuring operator provisioning for an OpenID Connect authentication service.

Support for OpenID Connect authentication

Valid from Pega Version 7.4

Pega® Platform now supports authentication services that use OpenID Connect, an emerging standard for government and enterprise cloud environments. This standard facilitates interoperability among identity management solutions and authentication through authentication providers that adhere to the OpenID Connect specification, including Auth0, NetIQ, and social media sites such as Google.

For more information, see Configuring an OpenID Connect authentication service.

New access control policy for encrypting properties

Valid from Pega Version 7.4

With attribute-based attribute control, you can now encrypt property values in the database, clipboard, logs, and search indexes for any property type. If no policy obfuscates an encrypted property, its value is visible in UI controls and reports.

For more information, see Creating an access control policy.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us