GeoNetwork Enterprise coordinated vulnerability disclosure policy

The my.geocat.net knowledge base documents known security vulnerabilities subject to the GeoNetwork coordinated vulnerability disclosure policy. This policy applies to you our customers, please do not share this sensitive content.


As a member of the GeoNetwork community GeoCat respects the coordinated vulnerability disclosure, working on your behalf to address security vulnerabilities and concerns.

Enterprise customers are asked to report any security concerns via the my.geocat.net support portal and we will work with you to assess issue severity, establish any mitigation measures, and long term resolution.

By working with GeoCat you are actively contributing to GeoNetwork sustainability and we thank you for your patronage. 


GeoNetwork Reporting a Vulnerability

If you encounter a security vulnerability in GeoNetwork please take care to report in a responsible fashion:

  • Keep exploit details out of mailing list and issue tracker (send details to the Project Steering Committee via geonetwork@osgeo.org)
  • Be prepared to work with community members on a solution
  • Keep in mind community members are volunteers and an extensive fix may require fundraising / resources

For more information see How to contribute.

  • GeoNetwork, Vulnerability
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

CVE-2022-42889

Vulnerability subject to the GeoNetwork Enterprise responsible disclosure policy. This policy...

CVE-2021-45046

Vulnerability subject to the GeoNetwork Enterprise responsible disclosure policy. This policy...

CVE-2021-44228

Vulnerability subject to the GeoNetwork Enterprise responsible disclosure policy. This policy...