Apache OpenOffice Security Team
For general information about Apache OpenOffice security, please see our Frequently Asked Questions page.
For details of our security alerts by email service, please see our Security Alerts page.
OpenOffice is a complex piece of software developed by various teams. As such, it can contain security relevant bugs. If you are a software developer and you believe you have found a vulnerability in our source code, please contact our security team so we can evaluate the problem and work on proper solution for our users and for future versions of our product.
We appreciate early confidential disclosure to give vendors of products and solutions based on OpenOffice time to react. We will coordinate the disclosure of your report with you.
In your report, please include the following informations:
- In which version of OpenOffice did you identify the problem?
- Do you have an official version of OpenOffice or e.g. a build from your GNU/Linux distribution (include the URL of the build if possible)?
- What is the impact of the problem (data loss, denial of service, executing commands, etc.)?
- How can the problem be reproduced?
- Is there an existing exploit?
- Has the problem already been published?
After we receive your report, we will work on the evaluation and we will reply to you (typically in the next business days).
Vulnerabilities which have been resolved are listed in our Bulletin.