Monday, April 14, 2014

ForgeRock Software Not Affected by ‘Heartbleed’

Last week went kind of crazy after the Heartbleed security flaw was uncovered with customers calling to verify if their deployments are affected by the bug.

ForgeRock released a press statement on 11th April 2014.

  • ForgeRock’s products (OpenAM, OpenIDM, OpenDJ, OpenIG) do not incorporate openssl. OpenSSL is a commonly used component of open source software and Linux distributions, whereas the vast majority of ForgeRock software runs on the Java platform which uses its own TLS implementation. 
  • Some ForgeRock components use the Mozilla Foundation NSS libraries, which are also not vulnerable to Heartbleed. 

In short, ForgeRock software are not affected by Heartbleed.


No comments:

Post a Comment