If you are a MarkLogic customer or partner, please visit help.marklogic.com to submit a service request for any security issue you believe you have discovered with MarkLogic.
If you are not a customer or partner, please email firstname.lastname@example.org to report security issues or suspected vulnerabilities. We encourage people who contact MarkLogic to secure their communication using our public encryption key.
When reporting a security issue or suspected vulnerability, please include as much of the information below as possible:
The information you send to MarkLogic as part of this process is kept confidential within MarkLogic, and will not be shared with third parties without permission.
MarkLogic is committed to being responsive and keeping you informed as we investigate the security concern that you reported. After you submit your initial finding, you will receive a response from a contact at MarkLogic, confirming receipt of your reported vulnerability. We will provide updates as we investigate the potential vulnerability and work for resolution. If we need additional information, we will work with you to obtain it.
In order to protect MarkLogic customers, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched and mitigated the reported vulnerability whereupon we can coordinate any public disclosures as appropriate. We want to ensure that customers and partners are not put at risk while we develop the remediation. We appreciate the help provided by security researchers and MarkLogic will acknowledge all efforts at the time of public disclosure.
From time to time it may be necessary to notify customers of security and privacy events with MarkLogic. In the interest of transparency and continued community involvement, we publish security bulletins.
We publish security bulletins that are informational, which are links to third-party resources provided by other Individuals, companies, and security teams. We also provide security bulletins that are important advisories that may impact MarkLogic software.