Let’s talk about something important: security
Every once in a while, community members find something that looks suspicious or might pose a risk in Alfresco. That’s great and appreciated. Responsible reporting is one of the best ways we can all help keep the ecosystem safe.
Recently, the process for reporting potential security issues has changed a bit, and it’s worth making sure everyone knows where to go.
If you’re a researcher or community contributor
Hyland now partners with HackerOne to handle all external vulnerability reports.
That means if you’re not a Hyland customer (maybe you’re part of the open-source community, or you’re just testing things and find a possible vulnerability) this is the right place to report it.
HackerOne provides:
- A safe and private way to share details with Hyland’s AppSec team
- A structured form to describe the issue, impact, and steps to reproduce
- Updates as your report is reviewed
Submit here: https://hackerone.com/hyland_software
If you’re a Hyland customer or partner
Customers and partners should use the Hyland Community Portal instead.
That’s where internal teams track and respond to product-related security findings.
Go to: https://community.hyland.com/
You’ll find sections for reporting issues and getting in touch with the right product teams.
If you’re looking for security documentation
For those who want to explore Hyland’s security posture (certifications, compliance reports, SOC and ISO standards, and more) you can find them in the Hyland Trust Center:
https://security.hyland.com/?product=alfresco-cloud
That’s where you’ll see everything related to the security framework around Alfresco Cloud and other Hyland products.
Quick summary
Security is a team effort, and the community plays a huge role in that.
So next time you notice something that doesn’t look right, use one of the links above. Your report goes straight to the right people and helps keep Alfresco (and all Hyland products) secure for everyone.
