Documentation Home »Community Guide »Report Issues »Report a Security Issue
current version

Report a Security Issue

We appreciate your concern

We recognize how important it is to help protect your privacy and security. As a company, not only do we have a vested interest in maintaining the trust you place in us and our products, but also a deep desire to see the Internet remain as safe as possible for us all.

So, needless to say, we take security issues very seriously.

Spotting major security issues

If you believe you have discovered a vulnerability in OroPlatform, OroCRM or OroCommerce or have a security incident to report, please contact our dedicated email support security@oroinc.com

If you feel the need, please use our PGP public key to keep your message safe and please provide us with a secure way to respond.

This is our PGP key which is valid until March 08, 2017.

When properly notified of legitimate issues, we will do our best to acknowledge your emailed report, assign resources to investigate the issue and fix potential problems as quickly as possible.

Responsible disclosure

Responsible disclosure is the industry best practice, and we recommend it as a procedure to anyone researching security vulnerabilities. It allows individuals to notify companies of any security threats before going public with the information. This gives software vendors like us a chance to resolve the problem before the criminally-minded become aware of it.

We will not disclose security issues until our internal investigation is finished, but we will work with you to ensure we fully understand the issue. Once the issue is resolved, we will post a security update along with a thanks and credit for the discovery. We ask for your patience while we make sure all users of our products are protected.

Browse maintained versions:
current1.41.5
ssossossosso