INTRODUCTION: GOVERNANCE, PERFORMANCE, AND MODERNIZATION
OpenText Application Security 25.2.0 (Fortify) focuses on strengthening cryptography, modernizing APIs and deployments, reducing operational noise, and nudging enterprises off fragile legacy integrations. For CIOs, CISOs, and SDLC leaders, this release is about improving risk posture, CI/CD efficiency, and long-term platform strategy.
STRONGER LICENSE & INFRASTRUCTURE SECURITY WITH SHA256
What it is
LIM now supports SHA1 and SHA256 (offline activation needed). From 26.4.0, only SHA256 will be supported.
Enterprise impact
Reduces cryptographic risk and future-proofs license/infrastructure communications.
Supports staged upgrades of mixed Fortify environments without downtime.
Day-to-day team value
Platform owners can upgrade LIM once, preserving backward compatibility.
Offline customers have clear activation procedures without ad-hoc hacks.
KUBERNETES DEPLOYMENT MODERNIZATION FOR SSC
What it is
Helm charts and values files removed from SSC ZIP; deployment now requires Tomcat 10.1 with clear documentation.
Enterprise impact
Standardized, supportable cloud/container deployments.
Easier alignment with platform engineering and audit policies.
Day-to-day team value
DevOps follows documented deployment steps.
Avoids trial-and-error migration issues, reducing downtime.
REST API PERFORMANCE WITH withoutCount PARAMETER
What it is
Paginated endpoints (e.g., /api/v1/activityFeedEvents) can skip computing total counts for faster responses.
