This page has information on how to report any security bugs you might find in Crowd, and what we will do to fix the problem and announce the solution.

On this page:

Finding and Reporting a Security Vulnerability

If you find a vulnerability in Crowd, please take the following steps to report it:

1. Raise an issue on http://jira.atlassian.com:
   • Project — 'Crowd'
   • Issue Type — 'Bug'
   • Security Level — 'Reporters and Developers'
   • Priority — 'Blocker'
2. Provide as much information as possible on how to reproduce the bug.

Please conduct all communication about the vulnerability through JIRA, so that we can keep track of the issue and get a patch out as soon as possible.

Publication of Security Advisories

When a security issue is discovered in Crowd, we will resolve it as quickly as possible. Once we have a solution, we will let our customers know as follows:

• We will add a security advisory as a child of this page.
• We will post a copy of the advisory on the Crowd Announcements forum. The forum posts are also sent to our mailing list. You can subscribe via the Atlassian website.

Severity Levels

Patches and Fixes

When a security issue has been resolved, we will make the solution available as follows:

• We will release a bug-fix version of Crowd as soon as possible.
• Where feasible, we will issue a patch for the current stable version of Crowd and for older versions of Crowd. Patches will be attached to the relevant JIRA issue.

Published Security Advisories