CINXE.COM

How to report a vulnerability in Umbraco

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1.0, minimum-scale=1.0"> <title>How to report a vulnerability in Umbraco</title> <meta property="og:title" content="How to report a vulnerability in Umbraco"> <meta name="twitter:title" content="How to report a vulnerability in Umbraco"> <meta name="description" content="A step-by-step guide on how best to report a vulnerability in Umbraco. Help us take care of the vulnerability in a responsible and timely manner." /> <meta property="og:description" content="A step-by-step guide on how best to report a vulnerability in Umbraco. Help us take care of the vulnerability in a responsible and timely manner."> <meta name="twitter:description" content="A step-by-step guide on how best to report a vulnerability in Umbraco. Help us take care of the vulnerability in a responsible and timely manner."> <meta property="og:type" content="website"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@umbraco"> <meta property="og:image" content="https://umbraco.com/media/ziikdjap/umbraco_social_og.png?cc=0.0010321753986332466,0.069063888998924364,0,0.0015260460386189473&amp;width=1200&amp;height=628&amp;v=1db00457cafc8c0"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="628"> <meta name="twitter:image" content="https://umbraco.com/media/ziikdjap/umbraco_social_og.png?cc=0.0010321753986332466,0.069063888998924364,0,0.0015260460386189473&amp;width=1200&amp;height=628&amp;v=1db00457cafc8c0"> <link rel="canonical" href="https://umbraco.com/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/" /> <meta property="og:url" content="https://umbraco.com/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/"> <script id="gtmScript" data-nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k=" nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k=">(function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createElement(s); j.async = true; j.src = "https://load.sst.umbraco.com/1tsxmrrbeo.js?" + i; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'evkn1fvu=aWQ9R1RNLVQ2VEtNVDI%3D&apiKey=f8823aac');</script> <meta name="robots" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1" /> <link rel="stylesheet" nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k=" href="/assets/_index-oZHwo8Fq.css" /> </head> <body class="document-contentPage old-layout "> <noscript><iframe src="https://load.sst.umbraco.com/ns.html?id=GTM-T6TKMT2" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <dc-header class="old-header"> <header class="header"> <div class="nav"> <div class="nav-mobile-bg"></div> <div class="nav-start"> <a href="/" title="Umbraco" class="logo-link"> <svg xmlns="http://www.w3.org/2000/svg" class="logo" viewBox="0 0 40 40"> <path fill="var(--logo-fill, var(--color-blue))" d="M0,20C0,8.9,9,0,20,0s20,9,20,20s-9,20-20,20C8.9,40,0,31,0,20L0,20z M19.6,26.8c-1.6,0-3.1-0.1-4.6-0.4 c-1.1-0.2-2.1-1-2.5-2c-0.5-1-0.7-2.6-0.7-4.8c0-1.1,0.1-2.3,0.2-3.4c0.1-1.1,0.3-2,0.4-2.7l0.1-0.7c0,0,0,0,0-0.1 c0-0.2-0.1-0.4-0.3-0.4l-2.6-0.4H9.6c-0.2,0-0.4,0.1-0.4,0.3c0,0.2-0.1,0.3-0.1,0.7c-0.1,0.8-0.3,1.5-0.4,2.6 c-0.2,1.2-0.3,2.4-0.3,3.5c-0.1,0.8-0.1,1.6,0,2.5c0.1,2.2,0.4,3.9,1.1,5.2c0.7,1.3,1.9,2.2,3.5,2.8c1.6,0.6,3.9,0.9,6.9,0.8h0.4 c2.9,0,5.2-0.3,6.9-0.8c1.6-0.6,2.8-1.5,3.5-2.8c0.7-1.3,1.1-3.1,1.1-5.2c0.1-0.8,0.1-1.6,0-2.5c0-1.2-0.1-2.4-0.3-3.5 c-0.1-1.1-0.3-1.8-0.4-2.6c-0.1-0.4-0.1-0.5-0.1-0.7c0-0.2-0.2-0.3-0.4-0.3h-0.1l-2.6,0.4c-0.2,0-0.3,0.2-0.3,0.4c0,0,0,0,0,0.1 l0.1,0.7c0.1,0.7,0.3,1.6,0.4,2.7c0.1,1.1,0.2,2.3,0.2,3.4c0,2.2-0.2,3.8-0.7,4.8c-0.5,1-1.4,1.8-2.5,2c-1.5,0.3-3.1,0.5-4.6,0.4 L19.6,26.8z" /> </svg> <span>Umbraco</span> </a> </div> <nav class="nav-list"> <ul class="nav-list__list"> <li class="nav-item nav-item__has-dropdown "> <a href="/for-business/" title="For Business">For Business</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/for-business/" title="For Business"> For Business </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/partners/" title="Find a partner"> Find a partner </a> </li> <li class="nav-item__dropdown-item"> <a href="/case-studies-testimonials/" title="Case Studies"> Case Studies </a> </li> <li class="nav-item__dropdown-item"> <a href="/umbraco-by-industry/" title="Umbraco by Industry"> Umbraco by Industry </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown "> <a href="/partners/" title="Partners">Partners</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/partners/" title="Partners"> Partners </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/partners/become-an-umbraco-solution-partner/" title="Become a partner"> Become a partner </a> </li> <li class="nav-item__dropdown-item"> <a href="/partners/find-a-solution-partner/" title="Find a Partner"> Find a Partner </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown "> <a href="/products/" title="Products">Products</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/products/" title="Products"> Products </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/products/umbraco-cms/" title="CMS"> CMS </a> </li> <li class="nav-item__dropdown-item"> <a href="/products/umbraco-cloud/" title="Cloud"> Cloud </a> </li> <li class="nav-item__dropdown-item"> <a href="/products/umbraco-heartcore/" title="Heartcore"> Heartcore </a> </li> <li class="nav-item__dropdown-item"> <a href="/products/add-ons/" title="Add-ons"> Add-ons </a> </li> <li class="nav-item__dropdown-item"> <a href="https://marketplace.umbraco.com" title="Marketplace"> Marketplace </a> </li> <li class="nav-item__dropdown-item"> <a href="/products/support/" title="Support"> Support </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown "> <a href="https://community.umbraco.com/" title="Community">Community</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="https://community.umbraco.com/" title="Community"> Community </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="https://community.umbraco.com/get-involved/" title="Get involved"> Get involved </a> </li> <li class="nav-item__dropdown-item"> <a href="https://community.umbraco.com/events/" title="Events"> Events </a> </li> <li class="nav-item__dropdown-item"> <a href="https://community.umbraco.com/mvp-program/" title="MVP program"> MVP program </a> </li> <li class="nav-item__dropdown-item"> <a href="https://community.umbraco.com/diversity-and-inclusion/" title="Diversity &amp; Inclusion"> Diversity &amp; Inclusion </a> </li> <li class="nav-item__dropdown-item"> <a href="https://community.umbraco.com/get-involved/community-discord-channel/" title="Discord"> Discord </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown "> <a href="/resources/" title="Resources">Resources</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/resources/" title="Resources"> Resources </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/blog/" title="Blog"> Blog </a> </li> <li class="nav-item__dropdown-item"> <a href="/training/" title="Training"> Training </a> </li> <li class="nav-item__dropdown-item"> <a href="https://docs.umbraco.com/" title="Documentation"> Documentation </a> </li> <li class="nav-item__dropdown-item"> <a href="https://www.youtube.com/channel/UCbGfwSAPflebnadyhEPw-wA" title="Video Tutorials"> Video Tutorials </a> </li> <li class="nav-item__dropdown-item"> <a href="/knowledge-base/" title="Knowledge Base"> Knowledge Base </a> </li> <li class="nav-item__dropdown-item"> <a href="/trust-center/" title="Trust Center"> Trust Center </a> </li> <li class="nav-item__dropdown-item"> <a href="https://github.com/umbraco" title="GitHub"> GitHub </a> </li> <li class="nav-item__dropdown-item"> <a href="/sign-in/#" title="Sign in"> Sign in </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown "> <a href="/about-us/" title="About us">About us</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/about-us/" title="About us"> About us </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/about-us/mission-and-vision/" title="Mission and Vision"> Mission and Vision </a> </li> <li class="nav-item__dropdown-item"> <a href="/about-us/values/" title="Values"> Values </a> </li> <li class="nav-item__dropdown-item"> <a href="/about-us/impact-report/" title="Impact Report"> Impact Report </a> </li> <li class="nav-item__dropdown-item"> <a href="/about-us/open-books/" title="Open Books"> Open Books </a> </li> <li class="nav-item__dropdown-item"> <a href="/work-at-umbraco/" title="Work at Umbraco"> Work at Umbraco </a> </li> <li class="nav-item__dropdown-item"> <a href="/contact-us/" title="Contact us"> Contact us </a> </li> </ul> </div> </li> </ul> </nav> <div class="nav-end"> <div class="nav-end__item search-btn"> <button type="button" class="icon-btn" aria-label="Search"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-search"> <circle cx="11" cy="11" r="8" /> <path d="m21 21-4.3-4.3" /> </svg> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-close"> <path d="M18 6 6 18" /> <path d="m6 6 12 12" /> </svg> </button> <form method="GET" action="/search/"> <input type="text" name="q" placeholder="What are you looking for?" autofocus /> <button title="Search" type="submit"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-search"> <circle cx="11" cy="11" r="8" /> <path d="m21 21-4.3-4.3" /> </svg> </button> </form> </div> <div class="nav-mobile__item cta-btn"> <a href="https://calendly.com/d/2wd-q6x-vg2" target="_blank" class="btn is-blue" title="Book a discovery call">Book a discovery call</a> </div> </div> <div class="nav-mobile"> <div class="nav-mobile__item cta-btn"> <a href="https://calendly.com/d/2wd-q6x-vg2" target="_blank" class="btn is-blue" title="Book a discovery call">Book a discovery call</a> </div> <button type="button" class="nav-mobile__item menu-btn" id="menuBtn"> <span>Menu</span> <div class="icon-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-menu"> <line x1="4" x2="20" y1="12" y2="12" /> <line x1="4" x2="20" y1="6" y2="6" /> <line x1="4" x2="20" y1="18" y2="18" /> </svg> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-close"> <path d="M18 6 6 18" /> <path d="m6 6 12 12" /> </svg> </div> </button> </div> </div> <div class="nav subnav"> <nav class="nav-list"> <ul class="nav-list__list"> <li class="nav-item nav-item__has-dropdown "> <a href="/trust-center/compliance-faq/" title="Compliance FAQ">Compliance FAQ</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/trust-center/compliance-faq/" title="Compliance FAQ"> Compliance FAQ </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/trust-center/compliance-faq/web-accessibility-features/" title="Web Accessibility"> Web Accessibility </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown is-active"> <a href="/trust-center/security-and-umbraco/" title="Security and Umbraco">Security and Umbraco</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/trust-center/security-and-umbraco/" title="Security and Umbraco"> Security and Umbraco </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/trust-center/security-and-umbraco/how-to-get-informed-about-security-advisories/" title="How to get informed about security advisories"> How to get informed about security advisories </a> </li> <li class="nav-item__dropdown-item"> <a href="/trust-center/security-and-umbraco/security-and-umbraco-cloud/" title="Security and Umbraco Cloud"> Security and Umbraco Cloud </a> </li> <li class="nav-item__dropdown-item"> <a href="/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/" title="How to report a vulnerability in Umbraco"> How to report a vulnerability in Umbraco </a> </li> <li class="nav-item__dropdown-item"> <a href="/trust-center/security-and-umbraco/security-tips-in-umbraco/" title="Security documentation in Umbraco"> Security documentation in Umbraco </a> </li> </ul> </div> </li> <li class="nav-item nav-item__has-dropdown "> <a href="/trust-center/privacy-and-umbraco/" title="Privacy and Umbraco">Privacy and Umbraco</a> <button type="button" class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <div class="nav-item__dropdown"> <div class="nav-item__dropdown-header"> <button class="arrow-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" class="lucide-icon icon-arrow"> <path d="M5 12h14" /> <path d="m12 5 7 7-7 7" /> </svg> </button> <a href="/trust-center/privacy-and-umbraco/" title="Privacy and Umbraco"> Privacy and Umbraco </a> </div> <ul class="nav-list__list nav-item__dropdown-list"> <li class="nav-item__dropdown-item"> <a href="/trust-center/privacy-and-umbraco/gdpr-and-umbraco/" title="GDPR and Umbraco"> GDPR and Umbraco </a> </li> <li class="nav-item__dropdown-item"> <a href="/trust-center/privacy-and-umbraco/cookie-information/" title="Cookie Information"> Cookie Information </a> </li> <li class="nav-item__dropdown-item"> <a href="/trust-center/privacy-and-umbraco/privacy-statement/" title="Privacy Statement"> Privacy Statement </a> </li> </ul> </div> </li> <li class="nav-item "> <a href="/trust-center/non-disclosure-agreement/" title="Non-Disclosure Agreement">Non-Disclosure Agreement</a> </li> </ul> </nav> </div> </header> </dc-header> <main> <a href="/" title="Umbraco" class="logo-link"> <svg xmlns="http://www.w3.org/2000/svg" class="logo" viewBox="0 0 40 40"> <path fill="var(--logo-fill, var(--color-blue))" d="M0,20C0,8.9,9,0,20,0s20,9,20,20s-9,20-20,20C8.9,40,0,31,0,20L0,20z M19.6,26.8c-1.6,0-3.1-0.1-4.6-0.4 c-1.1-0.2-2.1-1-2.5-2c-0.5-1-0.7-2.6-0.7-4.8c0-1.1,0.1-2.3,0.2-3.4c0.1-1.1,0.3-2,0.4-2.7l0.1-0.7c0,0,0,0,0-0.1 c0-0.2-0.1-0.4-0.3-0.4l-2.6-0.4H9.6c-0.2,0-0.4,0.1-0.4,0.3c0,0.2-0.1,0.3-0.1,0.7c-0.1,0.8-0.3,1.5-0.4,2.6 c-0.2,1.2-0.3,2.4-0.3,3.5c-0.1,0.8-0.1,1.6,0,2.5c0.1,2.2,0.4,3.9,1.1,5.2c0.7,1.3,1.9,2.2,3.5,2.8c1.6,0.6,3.9,0.9,6.9,0.8h0.4 c2.9,0,5.2-0.3,6.9-0.8c1.6-0.6,2.8-1.5,3.5-2.8c0.7-1.3,1.1-3.1,1.1-5.2c0.1-0.8,0.1-1.6,0-2.5c0-1.2-0.1-2.4-0.3-3.5 c-0.1-1.1-0.3-1.8-0.4-2.6c-0.1-0.4-0.1-0.5-0.1-0.7c0-0.2-0.2-0.3-0.4-0.3h-0.1l-2.6,0.4c-0.2,0-0.3,0.2-0.3,0.4c0,0,0,0,0,0.1 l0.1,0.7c0.1,0.7,0.3,1.6,0.4,2.7c0.1,1.1,0.2,2.3,0.2,3.4c0,2.2-0.2,3.8-0.7,4.8c-0.5,1-1.4,1.8-2.5,2c-1.5,0.3-3.1,0.5-4.6,0.4 L19.6,26.8z" /> </svg> <span>Umbraco</span> </a> <section> <div class="dc-block-list block-list-root"> <div class="dc-text-block justify-center " id="YNTEs"> <style nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k="> #YNTEs { --block-background-color: transparent; --block-text-color: #162335; --link-color: var(--color-blue); } </style> <div class="dc-text-block__content"><h1 style="text-align: center;">How to report a vulnerability in Umbraco</h1> <h2 style="text-align: center;">Step-by-step guide on how to report a security bug/vulnerability</h2></div> </div> <div class="dc-text-block justify-center " id="rVUHh"> <style nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k="> #rVUHh { --block-background-color: transparent; --block-text-color: #162335; --link-color: var(--color-blue); } </style> <div class="dc-text-block__content"><p>For responsible disclosure of a possible security vulnerability in Umbraco CMS, Umbraco Cloud, Umbraco Forms or Courier, we'd like you to follow these guidelines.</p> <p>This way we get all the information we need in order to take appropriate and timely action. Thus, we ask you to report it directly to us thus, not to report the vulnerability in any public forums (like GitHub) etc. to ensure that it does not get exploited in the wild. </p> <h2>How to report a vulnerability</h2> <ul> <li>Reach out to us directly at <a href="mailto:security@umbraco.com">security@umbraco.com </a></li> <li>Make sure to provide us with as much and thorough information as you can.</li> </ul> <h3>What we expect from you</h3> <p>In order for us to fix and handle the vulnerability appropriately, we need your help. We need you to:</p> <ul> <li> <p>Not tell anyone about the problem until we have fixed it. You will also not submit it as a CVE during this time.</p> </li> <li>Make sure to verify your claim of a security vulnerability by sharing a proof of concept</li> <li> <p>Reporting the results of an automated scan is usually not helpful. Please send us proof on how you think an attacker could exploit each of the scan results. </p> </li> </ul> <h2>What'll happen next?</h2> <p>We will acknowledge receipt of your vulnerability report ASAP, usually within 1 business day. If we take the security issue further, we'll send you regular updates about our progress. As an acknowledgement of your contribution, we offer to publicly acknowledge your disclosure. </p> <p>If your security vulnerability gets merged, we'll communicate about it along with a fix in a public <a href="/blog/">security advisory on the Umbraco blog.</a></p> <h3>List of security contributors</h3> <p>We'd like to thank the contributors for their amazing efforts in making Umbraco safer, and we've therefore gathered <a href="/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/list-of-security-contributors/" title="List of security contributors">a dedicated list of Umbraco security contributors​.</a></p> <p>The people listed here, are all the first who provided us with actionable security information which helped us fix a particular vulnerability. </p> <p><a href="/trust-center/security-and-umbraco/how-to-report-a-vulnerability-in-umbraco/list-of-security-contributors/" title="List of security contributors" class="btn is-blue">List of security contributors</a></p></div> </div> </div> </section> </main> <footer> <div class="footer-inner"> <div class="footer-header"> <svg xmlns="http://www.w3.org/2000/svg" class="logo" viewBox="0 0 40 40"> <path fill="var(--logo-fill, var(--color-blue))" d="M0,20C0,8.9,9,0,20,0s20,9,20,20s-9,20-20,20C8.9,40,0,31,0,20L0,20z M19.6,26.8c-1.6,0-3.1-0.1-4.6-0.4 c-1.1-0.2-2.1-1-2.5-2c-0.5-1-0.7-2.6-0.7-4.8c0-1.1,0.1-2.3,0.2-3.4c0.1-1.1,0.3-2,0.4-2.7l0.1-0.7c0,0,0,0,0-0.1 c0-0.2-0.1-0.4-0.3-0.4l-2.6-0.4H9.6c-0.2,0-0.4,0.1-0.4,0.3c0,0.2-0.1,0.3-0.1,0.7c-0.1,0.8-0.3,1.5-0.4,2.6 c-0.2,1.2-0.3,2.4-0.3,3.5c-0.1,0.8-0.1,1.6,0,2.5c0.1,2.2,0.4,3.9,1.1,5.2c0.7,1.3,1.9,2.2,3.5,2.8c1.6,0.6,3.9,0.9,6.9,0.8h0.4 c2.9,0,5.2-0.3,6.9-0.8c1.6-0.6,2.8-1.5,3.5-2.8c0.7-1.3,1.1-3.1,1.1-5.2c0.1-0.8,0.1-1.6,0-2.5c0-1.2-0.1-2.4-0.3-3.5 c-0.1-1.1-0.3-1.8-0.4-2.6c-0.1-0.4-0.1-0.5-0.1-0.7c0-0.2-0.2-0.3-0.4-0.3h-0.1l-2.6,0.4c-0.2,0-0.3,0.2-0.3,0.4c0,0,0,0,0,0.1 l0.1,0.7c0.1,0.7,0.3,1.6,0.4,2.7c0.1,1.1,0.2,2.3,0.2,3.4c0,2.2-0.2,3.8-0.7,4.8c-0.5,1-1.4,1.8-2.5,2c-1.5,0.3-3.1,0.5-4.6,0.4 L19.6,26.8z" /> </svg> <h1 class="footer-header__text"> <span>The CMS that fits you.</span> <span>Not the other way around.</span> </h1> </div> <div class="footer-links"> <div class="footer-links__column"> <h2 class="footer-links__column-title">About Umbraco</h2> <ul class="footer-links__column-links"> <li class="footer-links__column-links--item"><a href="/about-us/" target="_self">About us</a></li> <li class="footer-links__column-links--item"><a href="/work-at-umbraco/" target="_self">Work at Umbraco</a></li> <li class="footer-links__column-links--item"><a href="/terms-and-conditions/" target="_self">Terms and conditions</a></li> <li class="footer-links__column-links--item"><a href="/trust-center/privacy-and-umbraco/privacy-statement/" target="_self">Privacy policy</a></li> <li class="footer-links__column-links--item"><a href="/contact-us/" target="_self">Contact us</a></li> <li class="footer-links__column-links--item"><a href="/trust-center/" target="_self">Trust Center</a></li> </ul> </div> <div class="footer-links__column"> <h2 class="footer-links__column-title">Other resources</h2> <ul class="footer-links__column-links"> <li class="footer-links__column-links--item"><a href="/blog/" target="_self">Our blog</a></li> <li class="footer-links__column-links--item"><a href="https://our.umbraco.com/" target="_self">Developers &amp; Community</a></li> <li class="footer-links__column-links--item"><a href="https://docs.umbraco.com" target="_self">Documentation</a></li> <li class="footer-links__column-links--item"><a href="https://www.youtube.com/channel/UCbGfwSAPflebnadyhEPw-wA" target="_self">Learning Base (YouTube)</a></li> <li class="footer-links__column-links--item"><a href="https://github.com/umbraco" target="_self">Umbraco on Github</a></li> <li class="footer-links__column-links--item"><a href="https://umbracocommunity.social/@umbraco" target="_self">Mastodon</a></li> <li class="footer-links__column-links--item"><a href="/knowledge-base/" target="_self">Knowledge base</a></li> </ul> </div> </div> <div class="footer-social"> <h2 class="footer-social__text">Follow Umbraco and stay in the loop</h2> <div class="footer-social__buttons"> <a class="btn is-white" href="https://twitter.com/umbraco" title="X (Twitter)" target="_blank">X (Twitter)</a> <a class="btn is-white" href="https://www.facebook.com/Umbraco/" title="Facebook" target="_blank">Facebook</a> <a class="btn is-white" href="https://www.linkedin.com/company/umbraco/" title="LinkedIn" target="_blank">LinkedIn</a> </div> </div> </div> </footer> <script nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k=" src="/assets/_index-RmABYJWl.js" type="module"></script> <script type="application/ld+json" nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k=">{"@context":"https://schema.org","@type":"WebPage","name":"How to report a vulnerability in Umbraco","alternateName":"Umbraco"}</script> <script defer nonce="ARq8DT2L/XyEOR3UDDb826n5H6kce2dqVSPvPqf//4k="> window.currencyDictionary = [{"codes":"dk","currency":"dkk"},{"codes":"de, at, be, bg, hr, cy, cz, ee, fi, fr, gr, hu, ie, it, lv, lt, lu, mt, nl, pl, pt, ro, sk, si, es, se, is, li, no, ch, al, ba, md, me, mk, rs, tr, ua, ad, by, mc, ru, sm, va, au","currency":"eur"},{"codes":"gb","currency":"gbp"},{"codes":"us","currency":"usd"}] </script> <dc-intercom></dc-intercom> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10