Friday, August 22, 2014

OpenAM Security Advisory - NSS and NSPR security

ForgeRock has just released a security advisory for OpenAM Web Policy Agent. This affects versions 3.3.1, 3.3.0 and 3.0.x. It's actually an issue with the NSS and NSPR libraries that the Web Policy Agent uses during runtime.

More detail here.

As usual, paid customers have the convenience of downloading the latest Web Policy Agent 3.3.2 from ForgeRock BackStage.

How about Non-paying customers?
If community members are using older versions of the Web Policy agents we strongly recommend updating to the new release at the earliest opportunity.

Watch out for new Web Policy Agent 3.4.0 or 4.0.0 if that's how I interpret correctly.

But I think for this issue, update the NSS/NSPR libraries will do. Isn't it? :)



No comments:

Post a Comment