Security issues and vulnerabilities can be reported via the Camunda JIRA issue tracker.
Please follow these steps:
1. Create an account on the Camunda JIRA issue tracker
2. Navigate to the issue creation screen
3. Create a JIRA ticket in the Security (SEC) project of type Security Report. The issue will only be accessible by Camunda staff and you, the reporter.
4. Please provide as many details as are known to you.
Once reported, Camunda staff will get back to you and treat your report according to our Security Issue Process.
Vulnerabilities discovered by our enterprise customers are treated as bugs and the agreed SLAs apply.