• Reporting Security Issues

    Maintaining the security of Camunda BPM is an important task for us. In our documentation, we have published our Security Policy which explains how we deal with security issues. Besides our proactive efforts, it is very valuable to us when we get feedback by the community about security issues which may exist in Camunda itself (or much more commonly) in one of the libraries and dependencies we are using. When you report security issues, we can investigate them, assess their impact on different usage scenarios, provide fixes and publish a security notice. To give you an example: In January, Kai Ullrich from Code White approached us and reported that using Camunda’s API, it is possible, once authenticated, to submit a...

    Read more