ForgeRock Software Not Affected by ‘Heartbleed’ Security Flaw

A few days ago, it was announced that there is a major vulnerability in OpenSSL, known as Heartbleed. ForgeRock customers running enterprise software will not be affected by this vulnerability.

Important notes:

  • ForgeRock’s products (OpenAMOpenIDMOpenDJOpenIG) do not incorporate openssl. OpenSSL is a commonly used component of open source software and Linux distributions, whereas the vast majority of ForgeRock software runs on the Java platform which uses its own TLS implementation.
  • Some ForgeRock components use the Mozilla Foundation NSS libraries, which are also not vulnerable to Heartbleed.
  • Note for developers: the very latest trunk builds of the OpenAM web policy agents will use the OpenSSL provided by the operating system (where available). Therefore it is important to check that you have patched your platforms accordingly.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?