powered by Jive Software

Security issue found in Openfire

Hi, I’ve emailed the details on Dec 6, 2018, to security@igniterealtime.org but no respond.
The email subject is [FG-VD-18-163] Ignite Realtime Openfire Cross-Site Scripting Vulnerability Notification.

Can you check the status of my report, please?
Or can you suggest me how to report security issues?


It’s the correct way to report security issues (sending to that email address). Ignite Realtime team consists of a few volunteers with limited time they can devote to these projects. So some reports might no get replies fast enough or are buried below other emails. You can try sending your report again.

I’ve checked the original email, and unless I’ve missed something I can’t actually see an indication of what the problem is?