report-security-vulnerabilities.html - freemarker-site - Git at Google

 <!doctype html>
 <!-- Generated by FreeMarker/Docgen from DocBook -->
 <html lang="en" class="page-type-section">
 <head prefix="og: http://ogp.me/ns#">
 <meta charset="utf-8">
 <title>Report security vulnerability - Apache FreeMarker™</title>
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width,initial-scale=1">
 <meta name="format-detection" content="telephone=no">
 <meta property="og:site_name" content="Apache FreeMarker™">
 <meta property="og:title" content="Report security vulnerability">
 <meta property="og:locale" content="en_US">
 <meta property="og:url" content="https://freemarker.apache.org/report-security-vulnerabilities.html">
 <link rel="canonical" href="https://freemarker.apache.org/report-security-vulnerabilities.html">
 <link rel="icon" href="favicon.png" type="image/png">
 <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Roboto:500,700,400,300|Droid+Sans+Mono">
 <link rel="stylesheet" type="text/css" href="docgen-resources/docgen.min.css?1707809060700">
 <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/cookie-bar/cookiebar-latest.min.js"></script>
 </head>
 <body itemscope itemtype="https://schema.org/Code">
     <meta itemprop="url" content="https://freemarker.apache.org/">
     <meta itemprop="name" content="Apache FreeMarker™">

   <!--[if lte IE 9]>
   <div class="oldBrowserWarning" style="display: block">
     Unsupported web browser - Use a modern browser to view this website!
   </div>
   <![endif]-->  <div class="oldBrowserWarning">
     Unsupported web browser - Use a modern browser to view this website!
   </div>
 <div class="header-top-bg"><div class="site-width header-top"><div id="hamburger-menu" role="button"></div>          <div class="logo">
 <a href="https://freemarker.apache.org/" role="banner"><img itemprop="image" src="logo.png" alt="FreeMarker"></a>          </div>
 <ul class="tabs"><li class="current"><a href="index.html">Home</a></li><li><a href="docs/index.html">Manual</a></li><li><a class="external" href="docs/api/index.html">Java API</a></li></ul><ul class="secondary-tabs"><li><a class="tab icon-heart" href="contribute.html" title="Contribute"><span>Contribute</span></a></li><li><a class="tab icon-bug" href="https://issues.apache.org/jira/projects/FREEMARKER" title="Report a Bug"><span>Report a Bug</span></a></li><li><a class="tab icon-download" href="freemarkerdownload.html" title="Download"><span>Download</span></a></li></ul></div></div>    <div class="main-content site-width">
       <div class="content-wrapper">
   <div id="table-of-contents-wrapper" class="col-left">
       <script>var breadcrumb = ["Apache FreeMarker™","Community","Report security vulnerability"];</script>
       <script src="toc.js?1707809060700"></script>
       <script src="docgen-resources/main.min.js?1707809060700"></script>
       <div class="side-toc-logos">
           <div class="side-toc-logo">
             <a href="https://www.apache.org/events/current-event.html" target="_blank"><img src="https://www.apache.org/events/current-event-234x60.png" alt="Apache Incubator" /></a>
           </div>
       </div>
   </div>
 <div class="col-right"><div class="page-content"><div class="page-title"><div class="title-wrapper">
 <h1 class="content-header header-section1" id="report-security-vulnerabilities" itemprop="headline">Report security vulnerability</h1>
 </div></div><p>We strongly encourage to report security vulnerabilities to <a href="mailto:security@apache.org">security@apache.org</a>, rather than disclosing them publicly.
       Please indicate in the subject that the mail is about FreeMarker! Also,
       if this is about templates edited by untrusted users, please consider
       <a href="https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security">this FAQ entry</a>
       first.</p><p>If you want to report a bug that isn&#39;t an undisclosed security
       vulnerability, please use <a href="https://issues.apache.org/jira/projects/FREEMARKER">our regular bug
       tracker</a>.</p><p>Committers should <a href="committer-howto.html#handle-security-vulnerabilities">see here</a> how to handle
       reported security vulnerabilities.</p></div></div>      </div>
     </div>
 <div class="site-footer"><div class="site-width"><div class="footer-top"><div class="col-left sitemap"><div class="column"><h3 class="column-header">Overview</h3><ul><li><a href="index.html">What is FreeMarker?</a></li><li><a href="freemarkerdownload.html">Download</a></li><li><a href="docs/app_versions.html">Version history</a></li><li><a href="docs/app_faq.html">FAQ</a></li><li><a itemprop="license" href="docs/app_license.html">License</a></li><li><a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy policy</a></li></ul></div><div class="column"><h3 class="column-header">Often used / Reference</h3><ul><li><a href="https://try.freemarker.apache.org/">Try template online</a></li><li><a href="docs/dgui_template_exp.html#exp_cheatsheet">Expressions cheatsheet</a></li><li><a href="docs/ref_directive_alphaidx.html">#directives</a></li><li><a href="docs/ref_builtins_alphaidx.html">?built_ins</a></li><li><a href="docs/ref_specvar.html">.special_vars</a></li><li><a href="docs/api/freemarker/core/Configurable.html#setSetting-java.lang.String-java.lang.String-">Configuration settings</a></li></ul></div><div class="column"><h3 class="column-header">Community</h3><ul><li><a href="https://github.com/apache/freemarker">Github project page</a></li><li><a href="https://issues.apache.org/jira/projects/FREEMARKER">Report a bug</a></li><li><a href="report-security-vulnerabilities.html">Report security vulnerability</a></li><li><a href="https://stackoverflow.com/questions/ask?tags=freemarker">Get help on StackOverflow</a></li><li><a href="https://twitter.com/freemarker">Announcements on Twitter</a></li><li><a href="mailing-lists.html">Discuss on mailing lists</a></li></ul></div></div><div class="col-right"><ul class="social-icons"><li><a class="github" href="https://github.com/apache/freemarker">GitHub</a></li><li><a class="twitter" href="https://twitter.com/freemarker">Twitter</a></li><li><a class="stack-overflow" href="https://stackoverflow.com/questions/ask?tags=freemarker">Stack Overflow</a></li></ul><a class="xxe" href="http://www.xmlmind.com/xmleditor/" rel="nofollow" title="Edited with XMLMind XML Editor"><span>Edited with XMLMind XML Editor</span></a></div></div><div class="footer-bottom"> <p class="last-generated">
 Last generated:
 <time itemprop="dateModified" datetime="2024-02-13T07:24:20Z" title="Tuesday, February 13, 2024 at 7:24:20 AM Greenwich Mean Time">2024-02-13 07:24:20 GMT</time> </p>
 <p class="copyright">
 © <span itemprop="copyrightYear">1999</span>–2024
 <a itemtype="http://schema.org/Organization" itemprop="copyrightHolder" href="http://apache.org/">The Apache Software Foundation</a>. Apache FreeMarker, FreeMarker, Apache Incubator, Apache, the Apache FreeMarker logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners. </p>
 </div></div></div></body>
 </html>
	<!doctype html>
	<!-- Generated by FreeMarker/Docgen from DocBook -->
	<html lang="en" class="page-type-section">
	<head prefix="og: http://ogp.me/ns#">
	<meta charset="utf-8">
	<title>Report security vulnerability - Apache FreeMarker™</title>
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<meta name="viewport" content="width=device-width,initial-scale=1">
	<meta name="format-detection" content="telephone=no">
	<meta property="og:site_name" content="Apache FreeMarker™">
	<meta property="og:title" content="Report security vulnerability">
	<meta property="og:locale" content="en_US">
	<meta property="og:url" content="https://freemarker.apache.org/report-security-vulnerabilities.html">
	<link rel="canonical" href="https://freemarker.apache.org/report-security-vulnerabilities.html">
	<link rel="icon" href="favicon.png" type="image/png">
	<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Roboto:500,700,400,300\|Droid+Sans+Mono">
	<link rel="stylesheet" type="text/css" href="docgen-resources/docgen.min.css?1707809060700">
	<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/cookie-bar/cookiebar-latest.min.js"></script>
	</head>
	<body itemscope itemtype="https://schema.org/Code">
	<meta itemprop="url" content="https://freemarker.apache.org/">
	<meta itemprop="name" content="Apache FreeMarker™">

	<!--[if lte IE 9]>
	<div class="oldBrowserWarning" style="display: block">
	Unsupported web browser - Use a modern browser to view this website!
	</div>
	<![endif]--> <div class="oldBrowserWarning">
	Unsupported web browser - Use a modern browser to view this website!
	</div>
	<div class="header-top-bg"><div class="site-width header-top"><div id="hamburger-menu" role="button"></div> <div class="logo">
	<a href="https://freemarker.apache.org/" role="banner"><img itemprop="image" src="logo.png" alt="FreeMarker"></a> </div>
	<ul class="tabs"><li class="current"><a href="index.html">Home</a></li><li><a href="docs/index.html">Manual</a></li><li><a class="external" href="docs/api/index.html">Java API</a></li></ul><ul class="secondary-tabs"><li><a class="tab icon-heart" href="contribute.html" title="Contribute"><span>Contribute</span></a></li><li><a class="tab icon-bug" href="https://issues.apache.org/jira/projects/FREEMARKER" title="Report a Bug"><span>Report a Bug</span></a></li><li><a class="tab icon-download" href="freemarkerdownload.html" title="Download"><span>Download</span></a></li></ul></div></div> <div class="main-content site-width">
	<div class="content-wrapper">
	<div id="table-of-contents-wrapper" class="col-left">
	<script>var breadcrumb = ["Apache FreeMarker™","Community","Report security vulnerability"];</script>
	<script src="toc.js?1707809060700"></script>
	<script src="docgen-resources/main.min.js?1707809060700"></script>
	<div class="side-toc-logos">
	<div class="side-toc-logo">
	<a href="https://www.apache.org/events/current-event.html" target="_blank"><img src="https://www.apache.org/events/current-event-234x60.png" alt="Apache Incubator" /></a>
	</div>
	</div>
	</div>
	<div class="col-right"><div class="page-content"><div class="page-title"><div class="title-wrapper">
	<h1 class="content-header header-section1" id="report-security-vulnerabilities" itemprop="headline">Report security vulnerability</h1>
	</div></div><p>We strongly encourage to report security vulnerabilities to <a href="mailto:security@apache.org">security@apache.org</a>, rather than disclosing them publicly.
	Please indicate in the subject that the mail is about FreeMarker! Also,
	if this is about templates edited by untrusted users, please consider
	<a href="https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security">this FAQ entry</a>
	first.</p><p>If you want to report a bug that isn't an undisclosed security
	vulnerability, please use <a href="https://issues.apache.org/jira/projects/FREEMARKER">our regular bug
	tracker</a>.</p><p>Committers should <a href="committer-howto.html#handle-security-vulnerabilities">see here</a> how to handle
	reported security vulnerabilities.</p></div></div> </div>
	</div>
	<div class="site-footer"><div class="site-width"><div class="footer-top"><div class="col-left sitemap"><div class="column"><h3 class="column-header">Overview</h3><ul><li><a href="index.html">What is FreeMarker?</a></li><li><a href="freemarkerdownload.html">Download</a></li><li><a href="docs/app_versions.html">Version history</a></li><li><a href="docs/app_faq.html">FAQ</a></li><li><a itemprop="license" href="docs/app_license.html">License</a></li><li><a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy policy</a></li></ul></div><div class="column"><h3 class="column-header">Often used / Reference</h3><ul><li><a href="https://try.freemarker.apache.org/">Try template online</a></li><li><a href="docs/dgui_template_exp.html#exp_cheatsheet">Expressions cheatsheet</a></li><li><a href="docs/ref_directive_alphaidx.html">#directives</a></li><li><a href="docs/ref_builtins_alphaidx.html">?built_ins</a></li><li><a href="docs/ref_specvar.html">.special_vars</a></li><li><a href="docs/api/freemarker/core/Configurable.html#setSetting-java.lang.String-java.lang.String-">Configuration settings</a></li></ul></div><div class="column"><h3 class="column-header">Community</h3><ul><li><a href="https://github.com/apache/freemarker">Github project page</a></li><li><a href="https://issues.apache.org/jira/projects/FREEMARKER">Report a bug</a></li><li><a href="report-security-vulnerabilities.html">Report security vulnerability</a></li><li><a href="https://stackoverflow.com/questions/ask?tags=freemarker">Get help on StackOverflow</a></li><li><a href="https://twitter.com/freemarker">Announcements on Twitter</a></li><li><a href="mailing-lists.html">Discuss on mailing lists</a></li></ul></div></div><div class="col-right"><ul class="social-icons"><li><a class="github" href="https://github.com/apache/freemarker">GitHub</a></li><li><a class="twitter" href="https://twitter.com/freemarker">Twitter</a></li><li><a class="stack-overflow" href="https://stackoverflow.com/questions/ask?tags=freemarker">Stack Overflow</a></li></ul><a class="xxe" href="http://www.xmlmind.com/xmleditor/" rel="nofollow" title="Edited with XMLMind XML Editor"><span>Edited with XMLMind XML Editor</span></a></div></div><div class="footer-bottom"> <p class="last-generated">
	Last generated:
	<time itemprop="dateModified" datetime="2024-02-13T07:24:20Z" title="Tuesday, February 13, 2024 at 7:24:20 AM Greenwich Mean Time">2024-02-13 07:24:20 GMT</time> </p>
	<p class="copyright">
	© <span itemprop="copyrightYear">1999</span>–2024
	<a itemtype="http://schema.org/Organization" itemprop="copyrightHolder" href="http://apache.org/">The Apache Software Foundation</a>. Apache FreeMarker, FreeMarker, Apache Incubator, Apache, the Apache FreeMarker logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners. </p>
	</div></div></div></body>
	</html>