Before planning to report a vulnerability to us, there are several items that you need to make sure are in place.


Apply security guidelines for Production Deployments


  • Do security hardening

Make sure the guidelines provided under [Security Guidelines for Production Deployment#WSO2product-levelsecurity] are properly followed. Those guidelines might mitigate the security concern you are experiencing.

  • Install existing security patches 

This is mentioned in the above guidelines as well, but we need to emphasize its importance, because the vulnerabilities that you find in a distribution downloaded from our site might already have been fixed by us. Security patches issued by us can be found at [].


Before running an automated security scan or performing a penetration test, please make sure these prerequisites are done.

Responsible Disclosure of Vulnerabilities


Please use the following template when reporting vulnerabilities, in order to make the report useful and to help us provide a quick mitigation.

  • Vulnerable WSO2 product(s) and version(s)
  • Overview: High-level overview of the issue and self-assessed severity
  • Description: Include the steps
  • Steps to reproduce
  • Impact: Self-assessed severity and impact
  • Solution: Any proposed solution