Title: Security Reports Notice: http://www.apache.org/licenses/LICENSE-2.0

Reporting New Security Problems with Apache OpenOffice

The Apache Software Foundation takes a very active stance in eliminating security problems with Apache OpenOffice.

We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them in a public forum.

Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Apache OpenOffice and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other queries at this address. All mail sent to this address that does not relate to an undisclosed security problem in Apache OpenOffice will be ignored.

If you need to report a bug that isn't an undisclosed security vulnerability, please use the bug reporting page.

Questions about:

  • how to configure OpenOffice securely
  • if a vulnerability applies to your particular application
  • obtaining further information on a published vulnerability
  • availability of patches and/or new releases

should be addressed to the project's main mailing list. Please see the mailing lists page for details of how to subscribe.

The primary private security mailing address is: security@openoffice.apache.org

Please note that we do not use a team OpenPGP key. If you wish to encrypt your e-mail to the security list then please use the OpenPGP keys of the following subset of members of the Apache OpenOffice Security Team and be aware that it may take us a little longer to respond to the issue.

  • Carl Marcum 813A C3C2 48B3 F26F B5D1 EB32 F1DA 7E3B 9553 BF9A - cmarcum
  • Damjan Jovanovic B034 1587 D6D2 E744 B6B8 8259 5C77 E6B1 9D41 C6CA - damjan
  • Andrea Pescetti 6D09 7A5C A3A8 C1E5 314D 9E67 013D A51F 8F0E 4C63 - pescetti

Bulletins about vulnerabilities and their mitigations are found at the Apache OpenOffice Security Bulletins archive. Bulletins for legacy OpenOffice.org releases preceding Apache OpenOffice 3.4.0 are included for historical purposes.