The Shibboleth Project has released a patch for V2.5.3 of the Shibboleth Service Provider software on Windows to address the OpenSSL "Heartbleed" vulnerability.

Information about this patch and general guidance for users of this and other Shibboleth products can be found in the security advisory:

Further Steps

We will provide more information in the coming days describing remedial action to take if your system has been vulnerable, so that you can safely replace compromised private keys where appropriate.

Please contact the UK federation helpdesk (service at if you have any additional questions about this advisory, or if you need help in determining whether your systems are vulnerable.

-- Ian Young, UK federation