If you discover a vulnerability in this project, please do not open a public issue on GitHub.

Instead, use our contact form: 🔗 https://www.openkm.com/en/contact.html

Clearly indicate that your message is about a vulnerability. Within 72 business hours, we will contact you to request the detailed report.

• Please do not publicly disclose the information until we have verified and fixed the issue.
• We commit to keeping you informed of the progress.

The OpenKM team does not directly manage CVE requests, but we are open to collaborating with you in the process so that you receive proper credit.

We highly value and appreciate the community’s contributions to improving the security of OpenKM.