INC-204045 · Issue 694323
Signature map updated for fetching keys
Resolved in Pega Version 8.6.3
MFA login worked with SAML 2.0 when the certificate was disabled but failed when the certificate was enabled in Auth Service. The error " "Signature algorithm is null" appeared. This has been resolved by updating the signature map to ignore case sensitivity while fetching keys.
INC-204897 · Issue 696148
Log4j file security vulnerability issue addressed
Resolved in Pega Version 8.6.3
A zero-day vulnerability was identified in the Apache Log4j logging software which could potentially allow malicious actors to take control of organizational networks. Pega has immediately and thoroughly addressed this issue. More information can be found at https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability .