IRIS cloud applications unaffected by OpenSSL ‘Heartbleed Bug’

1 minute length
Posted: 10th April 2014

The media have reported a security flaw “Heartbleed Bug” in a widely used software library called OpenSSL.

IRIS has taken every precaution to ensure your data remains safe.

More information about this the security flaw is available on the OpenSSL page which includes a Security Advisory.

Why are IRIS applications unaffected?

IRIS cloud applications (IRIS OpenTax, IRIS OpenSpace, IRIS OpenPayslips, KashFlow and KashFlow Payroll) run on a Microsoft technology stack which does not use the OpenSSL software library and therefore these applications are unaffected.

  • IRIS OpenBooks (powered by FreeAgent) was patched immediately, for more information see the FreeAgent blog 
  • IRIS OpenAudit (powered by AuditFlow) uses a different version of OpenSSL and is unaffected.
  • IRIS OpeniXBRL (powered by CoreFiling) was patched immediately and SSL certificates have been changed. As an extra precaution, you will be prompted to change your password when you next log in.
  • The IRIS website and store were patched immediately.

Next Steps

Even though your data with IRIS is secure, to keep your passwords safe we recommend that you change your online passwords regularly and always use different passwords on different sites. Remembering multiple passwords can be difficult and there are numerous password management tools that you can consider using.