OpenOffice.org Security Team

For general information about OpenOffice.org security, please see our Frequently Asked Questions page.

For details of our security alerts by email service, please see our Security Alerts page.

OpenOffice.org is a complex piece of software developed by various teams. As such, it can contain security relevant bugs. If you are a software developer and you believe you have found a vulnerability in our source code, please contact our security team so we can evaluate the problem and work on proper solution for our users and for future versions of our product

We appreciate early confidential disclosure to give vendors of products and solutions based on OpenOffice.org time to react. We will coordinate the disclosure of your report with you.

In your report, please include the following informations:

• In what version of OpenOffice.org did you identified the problem (e.g. 1.1.5, 2.0.2, etc.)?
• Do you have an official version of OpenOffice.org or e.g. a build from your GNU/Linux distribution (include the URL of the build if possible)
• What is the impact of the problem (data loss, denial of service, executing commands, etc.)?
• How can the problem be reproduced?
• Is there an existing exploit?
• Has the problem already been published?

After we receive your report, we will work on the evaluation and we will reply to you (typically in the next business day).

Vulnerabilities which have been resolved are listed in our Bulletin.

Security Home