ForgeRock released a press statement on 11th April 2014.
- ForgeRock’s products (OpenAM, OpenIDM, OpenDJ, OpenIG) do not incorporate openssl. OpenSSL is a commonly used component of open source software and Linux distributions, whereas the vast majority of ForgeRock software runs on the Java platform which uses its own TLS implementation.
- Some ForgeRock components use the Mozilla Foundation NSS libraries, which are also not vulnerable to Heartbleed.
In short, ForgeRock software are not affected by Heartbleed.