Hi
The version of OpenSSL used on the controller and legacy AP models i.e. 26xx & 36xx does not contain (or need) the functionality that is vulnerable to heartbleed.
The version of OpenSSL on the 37xx and 38xx series APs is custom built without the functionality that is vulnerable to heartbleed.
So no risk for IdentiFi products due to this vulnerability.
Thanks
Arun