Security

Security Advisories

See the archive of past security advisories for OMERO, the open source foundation OMERO Plus is built on. There are no vulnerabilities listed for the current version of OMERO, and by extension OMERO Plus.

How to Report a Security Vulnerability

If you discover a security vulnerability or would like to report a security issue privately and securely, please email us at security@glencoesoftware.com. You can use GPG keys to communicate with us securely. If you do, please upload your GPG public key or supply it to us in some other way, so that we can reply securely too:

security@glencoesoftware.com
GPG key
1223 219D 1D5F 6F64 33FC  A690 F850 016D 1FCE 6FBF

Glencoe Software takes its responsibility to help keep our users’ data secure very seriously. We strongly encourage people to report any security issues to our private security mailing list.

Our Process

Emails sent to us are read and acknowledged with a non-automated response. For issues that are complicated and require significant attention, we will open an investigation and keep you informed of our progress.

Details will only be released to the public once we have a fix in place.

Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Glencoe Software products and managing the process of fixing such vulnerabilities. We cannot accept bug reports or other queries at this address. All mail sent to this address that does not relate to a security problem will be ignored.

For bug reports and other issues, please use your dedicated support address.