ForgeRock Blog

ForgeRock Software Not Affected by ‘Heartbleed’ Security Flaw

A few days ago, it was announced that there is a major vulnerability in OpenSSL, known as Heartbleed. ForgeRock customers running enterprise software will not be affected by this vulnerability.

Important notes:

  • ForgeRock’s products (OpenAM, OpenIDM, OpenDJ, OpenIG) do not incorporate OpenSSL. OpenSSL is a commonly used component of open source software and Linux distributions, whereas the vast majority of ForgeRock software runs on the Java platform, which uses its own TLS implementation.
  • Some ForgeRock components use the Mozilla Foundation NSS libraries, which are also not vulnerable to Heartbleed.
  • Note for developers: the very latest trunk builds of the OpenAM web policy agents will use the OpenSSL provided by the operating system (where available). Therefore it is important to check that you have patched your platforms accordingly.

Daniel Raskin
