If you came here looking for end-user support, please send any questions not related to a specific security bug to firstname.lastname@example.org.
The security teams for products associated with the codebase can be contacted at email@example.com - this includes representatives of many vendors, and associated projects. This email address is solely for reporting security issues related to the software. If your virus checker is flagging a LibreOffice download as containing a virus, this is almost certainly a false positive. Please check with another anti-virus vendor, and/or file a bug report with them before bothering the security list. Also please consider purchasing a more accurate virus checker.
In your report, please include the following information:
- In what version did you identify the specific security problem
- If it is platform dependent, which platform are you using
- A proof of concept if possible
The list of security advisories is available here.
Please note that bugs which cause the application to crash, but are otherwise un-exploitable are not treated as security vulnerabilities, and finders are encouraged to diagnose and contribute fixes to recent versions of LibreOffice in the normal way.
Incident Response Procedure
- You privately share the details of the security vulnerability with our Security Team by emailing firstname.lastname@example.org
- We acknowledge your submission and verify the vulnerability. Our first answer generally comes under 48 hours.
- Our policy is to disclose the vulnerability to the public within 30 days of resolution of the issue
- Reports will be credited in security advisories, but reporters may remain anonymous if they wish.