How to Report a Vulnerability
This page is part of the list of contribution paths described in Contributing to iDempiere.
Security is a serious issue, and iDempiere follows a responsible approach to reporting, fixing, and disclosing vulnerabilities in a way that protects the community worldwide.
Responsible disclosure
If you discover a vulnerability in iDempiere, please follow a phased disclosure approach before making details public.
The goal of phased disclosure is to give users and maintainers a reasonable maintenance window to apply updates and reduce rushed operational risk.
How to report
If you find a vulnerability, send an email to:
security at idempiere dot com
Include the following information in your report:
- full version details
- clear reproduction steps
- impact of the vulnerability on the affected system
- any additional details that help verification
- whether you want coordination with the iDempiere security team for disclosure timing
What happens next
All vulnerability reports sent to this email address are treated as public knowledge and trigger the Vulnerability Management process.