Responsibly Disclosing Security Vulnerabilities

The Hikium team is committed to security. It’s very important.

If you have found a legitimate security vulnerability, we strongly encourage you to report the vulnerability to our team.

Step 1: Check vulnerable version and other information

For the Hikium Experience Composer application

  1. Go to Settings.
  2. Go to Troubleshooting.
  3. Note the application version.

Versions 1.0.0 and later are supported. Security vulnerabilities in older versions won’t be addressed.

For vulnerable code exported from Hikium Experience Composer

  1. On the vulnerable site, navigate to the /security.txt file, if available.
  2. Note the date the code was generated at, and the version of EC the code was exported from.

Code exported from EC versions 1.0.0-beta.1 and later is supported. Security vulnerabilities in older versions won’t be addressed.

For the Hikium marketing website and our open-source libraries

If you’ve found a vulnerability in the Hikium marketing website (www.hikium.com) or our open-source libraries, just contact us.

Step 2: Report the vulnerability

Next, report the vulnerability to us.

Email us. Currently this is at hikium-team@outlook.com.

We will investigate all legitimate reports and do our best to quickly fix the problem.

Thank you for helping make Hikium products, projects, and services more secure.