Earlier today we released an important maintenance and security release available for OpenAM 11.0 as well as earlier versions of OpenAM 10.0.x and 9.5.x. These include fixes that address critical security issues such as Denial of Service attacks and SQL Injection attacks.
ForgeRock strongly recommends that all customers update their OpenAM deployments with the updated security patches at the earliest opportunity. We appreciate the contribution from our customers and community members that help us to build the best, most secure product.
- Download the appropriate jar for your OpenAM version
- Restart your application server
Done. As simple as that. (Well, this is where I feel paid customers should enjoy this convenient service from ForgeRock. Honestly.)
For Policy Agent 3.3.1, the following is the key fixes made:
You can read the Policy Agent 3.3.1 Release Note here.