- ForgeRock’s products (OpenAM, OpenIDM, OpenDJ, OpenIG) do not incorporate openssl. OpenSSL is a commonly used component of open source software and Linux distributions, whereas the vast majority of ForgeRock software runs on the Java platform which uses its own TLS implementation.
- Some ForgeRock components use the Mozilla Foundation NSS libraries, which are also not vulnerable to Heartbleed.
- Note for developers: the very latest trunk builds of the OpenAM web policy agents will use the OpenSSL provided by the operating system (where available). Therefore it is important to check that you have patched your platforms accordingly.