Security Policy

Reporting a Vulnerability

Hazelcast is committed to providing our users with secure software they can rely on. We promptly investigate all reports of security vulnerabilities affecting Hazelcast products. If you believe you have found a security vulnerability, we strongly encourage you to report it to us immediately, and we ask your help in working with our team before disclosure in a public forum. This allows us to address the issue most effectively for the benefit and protection of all users.

It’s easy to submit a vulnerability report:

• If you’re a Hazelcast customer, open a support ticket and provide us with as much detail as you’re able.
• If you are not a Hazelcast customer, please email security@hazelcast.com.
  Note: This email address is only for reporting security vulnerabilities, not inquiries about security-related topics. Please reach out to us via one of our community channels for general security questions.

Using either method, your report will be received promptly by Hazelcast staff.

What happens to my report?

Our standard process is:

1. Upon receiving your private report, Hazelcast will route it to the appropriate team for investigation.
2. If we need additional information, we will directly and privately reach out to the person who sent the vulnerability report.
3. We will verify the vulnerability and its fix.
4. The security fix will be included in a new release.

We greatly appreciate your partnership in helping us provide the strongest security posture for all users. Thank you.

Supported Versions

To find out which Hazelcast versions are currently being supported please visit our Version Support Windows page.