"Fossies" - the Fresh Open Source Software Archive

Member "otrs-5.0.40/SECURITY.md" (19 Sep 2019, 3551 Bytes) of package /linux/www/otrs-5.0.40.tar.bz2:

As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

OTRS Group Vulnerability Disclosure Policy

We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.


We require that all researchers:

If you follow these guidelines when reporting an issue to us, we commit to: - Not pursue or support any legal action related to your research; - Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 1 week of submission); - Recognize your contribution on our Security Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue.


Out of scope

Any services hosted by 3rd party providers and services are excluded from scope. These services include OTRS instances hosted by external parties and forks of the ((otrs)) Community Edition.

Supported Versions

The following versions of OTRS or ((OTRS)) Community Edition are currently being supported with security updates. Older versions are not supported and have known vulnerabilities.

Version Supported Known vulnerabilities
7.x :white_check_mark: :x:
6.x :white_check_mark: :x:
5.x :white_check_mark: :x:
< 5.x :x: :bomb:

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing security@otrs.org. Please include the following details with your report:

If you’d like to encrypt the information, please use our PGP Key: 2048R/9C227C6B 2011-03-21 [expires at: 2020-11-16] GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B