How to report a vulnerability


Security is a serious issue, and we want a responsible approach to reporting, fixing and disclosing vulnerabilities in a way that protects the iDempiere community worldwide.

If you find a vulnerability in iDempiere, we would appreciate it if you followed the phased disclosure approach before making it public.

The objective of a phased disclosure is to provide the opportunity to upgrade within a reasonable maintenance window to minimize rushed action and operational anxiety.

If you find a vulnerability in iDempiere, please write an email to: security at idempiere dot com

Your report should include:

  • Full version details
  • How the vulnerability can be reproduced
  • What impact the vulnerability has on the vulnerable system
  • Any additional details that might help in the verification process
  • Whether you want to coordinate your vulnerability disclosure with the iDempiere security team

All vulnerability reports sent to this email address are considered public knowledge and will trigger a Vulnerability Management process.