topic Re: Where to report a security vulnerability in Alfresco Forum

Where to report a security vulnerability

skoza — Wed, 30 Jul 2025 00:22:47 GMT

Hi!

I have found a security vulnerability in Alfresco. I want to report it. I found the VDP pdf file (https://security.hyland.com/?itemUid=a26c76c4-6568-4a97-a75b-5cc628e0a407&source=click) and it states that:

"Hyland utilizes HackerOne to as a provider for our Vulnerability Disclosure Program."

Yet I cant find any program belonging to Hyland in HackerOne. There is one named "Alfresco" (https://hackerone.com/alfresco?type=team) but it seems outdated.
Is the information provided in VDP pdf still relevant? If so, could you provide me a link to your HackerOne program?

Re: Where to report a security vulnerability

angelborroy — Wed, 30 Jul 2025 11:41:57 GMT

You can summit your vulnerability to HackerOne, it's the official channel. There is no "program" in the directory but you are still able to make it.

Re: Where to report a security vulnerability

skoza — Wed, 30 Jul 2025 15:28:18 GMT

Hi!
Thanks for the quick reply. Unfortunately I have no idea how to submit a report to hackerone without a program. Could you send me a link where I can make a submission?

Thanks a lot!