topic Re: Reporting discovered security vulnerabilities in Alfresco Forum

Reporting discovered security vulnerabilities

matejp — Fri, 01 Mar 2024 21:58:55 GMT

Hello, I discovered a security vulnerability in Alfresco Content Services Enterprise and Community. I tried to disclose it through Hyland Community but I do not have access and therefore can't reach support. Is there any other way to disclose this?

Thank you.

Re: Reporting discovered security vulnerabilities

pmcmahon — Thu, 11 Apr 2024 14:35:30 GMT

At this time, non-Hyland customers/partners can report through our Vulnerability Disclosure Program (VDP)

This is found on the Hyland Trust Center ( https://security.hyland.com/ ) labeled "Report a Vulnerability" within the Company Information card.

Customers and Partners should continue to use Hyland Community (work with your Hyland representative if you cannot access).

Re: Reporting discovered security vulnerabilities

matejp — Wed, 17 Apr 2024 06:36:18 GMT

Thank you for your reply. I checkd it out and it should be possible with the link you provided, however since there was no reply to my question for quite some time, I already reported it through HackerOne. Hope that will also reach the Alfresco team.

Re: Reporting discovered security vulnerabilities

Poshysswo — Wed, 04 Jun 2025 12:27:32 GMT

You might try reaching out directly via Hyland’s official contact page or email their security team—many enterprise software companies have a dedicated security disclosure address like security@hyland.com (though you’ll want to verify the exact address). If the vulnerability is serious, you could also submit it via a responsible disclosure platform like HackerOne or Bugcrowd, if Hyland is listed there.

And speaking of security, tools like an ethical IP stresser can help test your own systems for resilience—but always use them responsibly and never against services without permission.