Vulnerability Disclosure Guidelines

Report a security vulnerability

If you believe you have discovered a security vulnerability in a ForgeRock product, please report it to us.

How to report a security vulnerability

If you believe you have discovered a security vulnerability that affects ForgeRock software, services, or web servers, please report it to us. We welcome reports from everyone, including security researchers, developers, and customers.

To report a security vulnerability, please send an email to [email protected] that includes:

  • The specific product and software version(s) which you believe are affected
  • A description of the behavior you observed as well as the behavior that you expected
  • A numbered list of steps required to reproduce the issue and a video demonstration, if the steps may be hard to follow

For larger files, ForgeRock may facilitate a file exchange if required.

You'll receive an automatic reply from ForgeRock to acknowledge that we received your report, and we'll contact you if we need more information.

How ForgeRock handles these reports

For the protection of our customers, ForgeRock doesn't disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.

ForgeRock uses security advisories to publish information about security fixes in our products.