Security Advisories

This page lists all current security advisories for Chronicle products. A security advisory is a public announcement that informs users about a reported security problem in any Chronicle software (or a third-party library on which our software depends at run time) and the steps that users should take to address it. The problem is kept confidential until the advisory is ready to be released, at which point it is published so users can take appropriate action.

Security Advisories are published on this page and contain details of:

  • Severity
  • Identification number
  • Components and versions affected
  • Mitigations
  • Who the vulnerability was reported by
  • Whether we are aware of it being actively exploited
  • A description of the vulnerability
  • Which versions the vulnerability has been fixed in

Current security advisories

All current security advisories are published below.

Identification number | Severity | Date published

* Note that the above table is intentionally blank – there are no security advisories at this time *

Responsible disclosure policy

Reporting

If you believe you have discovered a vulnerability in a Chronicle product or library and have a security incident to report, please contact us either through the contact us page on the chronicle.software website or by emailing security@chronicle.software.

We will respond to you within 7 days.

We may invite you to collaborate further with us to ensure the vulnerability is dealt with as effectively and efficiently as possible.

We ask that the reporter keep the issue confidential to allow time for the issue to be mitigated and fixed.

Disclosure

Chronicle will publish a disclosure (a security advisory) within 90 days of the initial report. If the issue is a previously unknown and unpatched vulnerability in software under active exploitation (a “0day”), Chronicle will aim to disclose within 7 days.

As part of this disclosure, we will publish details of how customers can mitigate the risk and which software components and versions are affected, together with the version numbers of any components that have had a fix applied.

We will communicate the vulnerability along with the mitigation/solution to any affected customers.

We will acknowledge your contribution in reporting and helping to resolve the vulnerability.

FAQ

Q: What is a security problem?

A: In the context of computer software, a security problem is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

  • Authentication of users and other entities
  • Authorization of access rights and privileges
  • Data confidentiality
  • Data integrity