ForgeRock announced another security advisory last night. The details can be found here.
Again, if you are a paying customer, applying the patch is hassle-free.
Just download the patches as .jar files and drop them into your web container. Restart the web container. Done!
Updated on 23rd Sep 2014
So, I have been informed that applying the patches should not be as easy as drop and restart. We should follow the README closely and carry out the steps as instructed.
The million-dollar question is: Where is the README file?
I spent some time and finally found it! It is within the patch (jar).
Oh man! This is very confusing. From my past experience, a .jar is simply a file for one to dump into the /WEB-INF/lib directory on the application server.
Instead, the patch (jar) here is nothing but a zip file. The real code is in .class files that are to be deployed in /WEB-INF/classes.
I prefer zip anytime.
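
One way to check what a patch .jar really contains before touching the web container, as an added example that is not part of the original post or ForgeRock's tooling. It treats the jar as a plain zip, pulls out the README, lists the .class entries that would land under /WEB-INF/classes, and refuses entries with unsafe paths. The function names, the assumption that the README entry name starts with "README", and the sample archive are all made up for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

def inspect_patch(jar_bytes):
    """Return (readme_text, class_entries) for a patch .jar, read as a plain zip."""
    readme_text, class_entries = None, []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            # Refuse entries that could escape the target directory on extraction.
            if path.is_absolute() or ".." in path.parts:
                raise ValueError(f"unsafe entry in patch archive: {info.filename}")
            if info.is_dir():
                continue
            # Assumption: the README entry name starts with "README" (any case).
            if readme_text is None and path.name.upper().startswith("README"):
                readme_text = zf.read(info).decode("utf-8", errors="replace")
            elif path.suffix == ".class":
                class_entries.append(info.filename)
    return readme_text, sorted(class_entries)

def build_sample_patch():
    """Constructed sample archive; entry names and README text are invented."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README", "Constructed README text for this example.\n")
        zf.writestr("com/example/auth/LoginFilter.class", b"\xca\xfe\xba\xbe")
        zf.writestr("com/example/auth/LoginFilter$1.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    readme, classes = inspect_patch(build_sample_patch())
    # No README suggests an ordinary library jar rather than a class-file patch.
    print(readme or "No README found in archive.")
    for name in classes:
        print("WEB-INF/classes/" + name)
```

If the README is missing and there are no loose .class entries, the file is more likely an ordinary library jar; either way, the README's own steps take precedence over this listing.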