Title: Security Reports
Notice:    Licensed to the Apache Software Foundation (ASF) under one
           or more contributor license agreements.  See the NOTICE file
           distributed with this work for additional information
           regarding copyright ownership.  The ASF licenses this file
           to you under the Apache License, Version 2.0 (the
           "License"); you may not use this file except in compliance
           with the License.  You may obtain a copy of the License at
           .
             http://www.apache.org/licenses/LICENSE-2.0
           .
           Unless required by applicable law or agreed to in writing,
           software distributed under the License is distributed on an
           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
           KIND, either express or implied.  See the License for the
           specific language governing permissions and limitations
           under the License.

## Reporting New Security Problems with Apache OpenOffice

The Apache Software Foundation takes a very active stance in eliminating security problems with Apache OpenOffice

We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them in a public forum.

**Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Apache OpenOffice and managing 
the process of fixing such vulnerabilities. We cannot accept regular bug reports or other queries at this address. All mail sent to this address that 
does not relate to an undisclosed security problem in Apache OpenOffice will be ignored.**

If you need to report a bug that isn't an undisclosed security vulnerability, please use the bug reporting page.

Questions about:

* how to configure OpenOffice securely
* if a vulnerability applies to your particular application
* obtaining further information on a published vulnerability
* availability of patches and/or new releases

should be addressed to the project's main mailing list. Please see the mailing lists page for details of how to subscribe.

The primary *private* security mailing address is: [security@openoffice.apache.org](mailto:security@openoffice.apache.org)

Please note that we do not use a team OpenPGP key. If you wish to encrypt 
your e-mail to the security list then please use the OpenPGP keys of the following 
subset of members of the Apache OpenOffice Security Team and be aware that 
it may take us a little longer to respond to the issue. 

  - Rob Weir 5071 929F 6E89 24DB 3BE6  4B07 6140 A187 47CC BCC7 -  [pgp.mit.edu][2]
  - Juergen Schmidt D09F B15F 1A24 768D DF1F  A29C CFEE F316 51B5 FDE8 - [pgp.mit.edu][3]

Also note that security bulletins of the pre-Apache OpenOffice project are archived [at that site][1].


[1]: http://www.openoffice.org/security/bulletin.html
[2]: http://pgp.mit.edu:11371/pks/lookup?search=0x47CCBCC7&op=vindex&fingerprint=on
[3]: http://pgp.mit.edu:11371/pks/lookup?search=0x51B5FDE8&op=index&fingerprint=on