Important Update – MarkLogic World 2020

Reporting A Suspected Vulnerability

If you are a MarkLogic customer or partner, please visit help.marklogic.com to submit a service request for any security issue you believe you have discovered with MarkLogic.

If you are not a customer or partner, please email security@marklogic.com to report security issues or suspected vulnerabilities. We encourage people who contact MarkLogic to secure their communication using our public encryption key.

When reporting a security issue or suspected vulnerability, please include as much of the information below as possible:

  • Type of issue
  • Impact of the issue, including how an attacker could exploit the issue
  • Software version
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue on a fresh install
  • Proof-of-concept or exploit code

The information you send to MarkLogic as part of this process is kept confidential within MarkLogic, and will not be shared with third parties without permission.

Email us to report a vulnerability    Download our public encryption key

Evaluation

MarkLogic is committed to being responsive and keeping you informed as we investigate the security concern that you reported. After you submit your initial finding, you will receive a response from a contact at MarkLogic, confirming receipt of your reported vulnerability. We will provide updates as we investigate the potential vulnerability and work for resolution. If we need additional information, we will work with you to obtain it.

Coordinated Disclosure

In order to protect MarkLogic customers, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched and mitigated the reported vulnerability whereupon we can coordinate any public disclosures as appropriate. We want to ensure that customers and partners are not put at risk while we develop the remediation. We appreciate the help provided by security researchers and MarkLogic will acknowledge all efforts at the time of public disclosure.

Other Useful Links

Security Bulletins

From time to time it may be necessary to notify customers of security and privacy events with MarkLogic. In the interest of transparency and continued community involvement, we publish security bulletins.

We publish security bulletins that are informational, which are links to third-party resources provided by other Individuals, companies, and security teams. We also provide security bulletins that are important advisories that may impact MarkLogic software.

View Security Bulletins

This website uses cookies.

By continuing to use this website you are giving consent to cookies being used in accordance with the MarkLogic Privacy Statement.