The information you send to MarkLogic as part of this process is kept confidential within MarkLogic, and will not be shared with third parties without permission.
Reporting a Suspected Vulnerability
What to Include
When reporting a security issue or suspected vulnerability, please include as much information as possible.
-
Type of issue
-
Potential threats
-
Software version
-
Special configurations
-
Step-by-step instructions
-
Proof-of-concept or exploit code
How to Report a Security Issue?
Customers & Partners
If you are a MarkLogic customer or partner, please submit a service request for any security issue you believe you have discovered.
Non-Customers
If you are not a MarkLogic customer or partner, please use the button below to report security issues or suspected vulnerabilities. We encourage anyone that contacts us via email to secure their communication using our public encryption key.
Evaluation
MarkLogic is committed to being responsive and keeping you informed as we investigate the security concern that you reported. After you submit your initial finding, you will receive a response from a contact at MarkLogic, confirming receipt of your reported vulnerability. We will provide updates as we investigate the potential vulnerability and work for resolution. If we need additional information, we will work with you to obtain it.
Coordinated Disclosure
In order to protect MarkLogic customers, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched and mitigated the reported vulnerability whereupon we can coordinate any public disclosures as appropriate.
We want to ensure that customers and partners are not put at risk while we develop the remediation. We appreciate the help provided by security researchers and MarkLogic will acknowledge all efforts at the time of public disclosure.