WebsiteCommunityDeveloperFree Trial
Search…
Rocket.Chat Documentation
Getting Support
Development Docs
Quick Start
Installing and Updating
Creating the first administrator
Basic White-labeling
Identity Management (EE vs CE)
Plug-ins
Guides
User Guides
Administration
Omnichannel
Message Auditing Panel
Message Auditing Log
App Guides
Mobile Guides
Roles in Rocket.Chat
Security and Compliance Guides
Brand and Visual Guidelines
Contributors
How can I help?
Bug Reporting
Developing
Documenting
Promoting
Security
Responsible Disclosure Policy
Translating
Donate
Contributor Code of Conduct
Contributor Guidelines
Google Summer of Code
Google Season of Docs
Github Sponsorship
Rocket.Chat SaaS
Cloud Account
Resources
Frequently Asked Questions
Legal
Terms of Service
Master Services Agreement for Self Managed Workspaces
Privacy Policy
Code of Conduct for our services
GDPR
Censorship and Harmful Content
Guidelines for Law Enforcement
Server Lookup
DMCA Policy
Powered By GitBook
Security
First of all, thank you in advance for taking the time and effort to help us improve the security of Rocket.Chat! We are committed to delivering an awesome and secure chat solution for, and aided by, our community.
Given the nature of Chat, we understand each person using Rocket.Chat has some expectation about their data being secure and private. It's clear how important this is to everyone, and we work to the best of our abilities to ensure your expectations are met.

If you find a Security Issue

Please email the details to Rocket.Chat's security team at [email protected] or report directly into our HackerOne Program.​
Our security team will respond to confirm receipt of your message, review and plan the mitigation of the issue appropriately, as well as set a timeline for a new release or patch.
We follow responsible disclosure and will credit researchers when a security issue has been identified and mitigated while adhering to the following specifics:
  • You may not use automated tools in your research without our explicit consent. Use of automated tools may result in investigative action or your IP(s) being blocked.
  • You make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.
  • You give us reasonable time to respond to your report and carry out remediation.
  • We credit the first researcher to report an issue. Additionally, we reserve the right to only acknowledge researchers who discover issues in Rocket.Chat projects or related services, if we determine the issue to be of a high or critical severity, or if there has been continued research or contributions made by the reporter.
  • We will credit you with your name and a "no-follow" link to the address of your choosing (e.g. Twitter or personal website). As a token of our gratitude for your assistance, we also offer an original Rocket.Chat Shirt to every first reporter of a security problem that was not yet known to us. We may limit this reward to one item per person and depending on the availability of the item. Please refrain from requesting additional compensation for reporting vulnerabilities.
  • We will not bring any lawsuit or begin law enforcement investigation into you if you follow these parameters.

What details should you include when reporting a Security Issue

Please provide as many relevant details as you can. In particular:
  • What versions of software are involved
  • What steps someone can follow to go from an initial installation of that software to a point where they see the vulnerability
  • Any patches or steps to mitigate the problem

WhiteHat Hall-of-Fame

Rocket.Chat is very grateful for the following people who have responsibly disclosed vulnerabilities to us:
Thank you all very much!
Previous
Promoting
Next
Responsible Disclosure Policy
Last modified 10mo ago
Export as PDF
Copy link
Contents
If you find a Security Issue
What details should you include when reporting a Security Issue
WhiteHat Hall-of-Fame