Reporting a vulnerability
We strongly encourage you to report potential security vulnerabilities to our security team first, before disclosing them in a public forum.
Only contact the security team to report undisclosed security vulnerabilities in KNIME software products and services and manage the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries. We will ignore mail that does not relate to an undisclosed security problem in KNIME software products and services.
The security team's mailing list address is: email@example.com. This is a private mailing list.
Please send one plain-text email for each vulnerability you are reporting. We may ask you to resubmit your report if you send it as an image, movie, HTML, or PDF attachment when you could as easily describe it with plain text.
You do not need to encrypt submissions, and it takes us longer to respond to encrypted reports. There is no team key for
firstname.lastname@example.org; instead you can use the OpenPGP keys of the following subset of members of the KNIME Security Team. Note that this is not a complete list of KNIME Security Team members and that you should not contact these members individually about security issues.
We do our best to acknowledge reception of a report within one business day.Vulnerability Information
You can find information on known vulnerabilities for KNIME software product at our Security Advisories. Do not ask the KNIME Security Team directly about:
An overview of the vulnerability handling process is: