To keep you informed about any suspected or confirmed security issues, SAS publishes security bulletins and SAS Notes as part of our formal Product Security Incident Response Team (PSIRT) process.
Note: Hot fixes for each product component are cumulative and might include functionality fixes in addition to security fixes.
- For a list of hot fixes that are available for your products, use the the SAS Hot Fix Analysis, Download & Deployment (SASHFADD) tool.
- See the Hot Fix FAQ for a general overview of hot fixes.
Java 7 Updates
SAS continues to use and support a private Java 7 JRE for SAS 9.4 and SAS 9.3M2 deployments. See SAS Third-Party Software Requirements – Java 7 Updates for details. See also SAS Note 56203 for the most recent updates to the Java 7 JREs and JDKs.
Contact the Product Security Incident Response Team
Customers who have SAS support contracts should report a suspected security issue by opening a track with SAS Technical Support. Security researchers or others who do not have a support contract can contact PSIRT directly by sending email to email@example.com. Information about security vulnerabilities should be encrypted by using our public Pretty Good Privacy (PGP) key.