How to report a vulnerability
Security is a serious issue, and we want a responsible approach to reporting, fixing and disclosing vulnerabilities in a way that protects the iDempiere community worldwide.
If you find a vulnerability in iDempiere, we would appreciate it if you follow the phased disclosure approach before making it public.
The objective of a phased disclosure is to provide the opportunity to upgrade within a reasonable maintenance window to minimize rushed action and operational anxiety.
If you find a vulnerability in iDempiere, please write an email to: security at idempiere dot com
Information in your report should include:
- Full version details
- How the vulnerability can be reproduced
- What impact the vulnerability has on the vulnerable system
- Any additional details that might help in the verification process
- Whether you want to coordinate your vulnerability disclosure with the iDempiere security team
All vulnerability reports sent to this email address are considered public knowledge and will trigger a Vulnerability Management process.