From Apache OpenOffice Wiki
Jump to: navigation, search
OOo Security Team


  • Security FAQ

Security Project Home
Security Team Home

Frequently Asked Questions

Is secure?

The engineers take the security of the software very seriously. We take great care to ensure that our software is secure, and we will react promptly to any reports of suspected security vulnerabilities in our software.

How do I know my copy of is genuine?

Make sure you know where your copy of has come from. Download from one of the sites listed in, or purchase from one of our CD distributors. Use a checksum to make sure your copy has not been corrupted before you install it.

How do I protect my copy of against security issues?

We recommend all users install new versions of as soon as practical after they are released. Since version 2.1, has included a feature which will tell you if a new version is available. We recommend you switch this on (Tools -> Options -> Online Update -> Check for updates automatically):


How do I stop viruses attacking my copy of

If your computer becomes infected with a virus, it is possible that any program you have installed – including - may become corrupted. Your computer cannot catch a virus from fresh air. It can become infected if someone gives you any kind of media – floppy disk, CD, DVD, memory stick, memory card etc. – anything capable of holding data can also hold a virus. It can become infected if it is connected to any kind of network, including wireless. Connections to publicly accessible networks like the internet are particularly risky.

There are a whole range of things you can do to protect your computer – firewalls, anti-virus software, etc – please contact your PC supplier or IT department for details. If you suspect your PC has been infected, please seek specialist support.

How do I protect against macro-viruses in

Macros are a useful part of any office suite, allowing you to automate repetitive tasks. A macro can do anything you can do - including potentially destructive actions such as modifying and deleting files. A macro can attached to any file (document, spreadsheet, etc.).

Whenever detects macros in a document being opened, by default it displays a warning and will only run the macro if the you specifically agree.

The safest rule is you should never open any file unless you are sure where it has come from and trust the sender. Note that it is very easy to falsify an email address - if you have any doubt, do not open the document until you have proved its identity. If you need to exchange documents regularly, we recommend the use of digital signatures to certify the origin of the document.

I am a developer - how do I report a security vulnerability in

Please report any suspected vulnerabilities to our Security Team. We appreciate early confidential disclosure to give vendors of products and solutions based on time to react. We will coordinate the disclosure of your report with you.

In your report, please include the following information:

  • In which version of did you identify the problem (e.g. 1.1.5, 2.0.2, etc.)?
  • Do you have an official version of or e.g. a build from your GNU/Linux distribution (include the URL of the build if possible)?
  • What is the impact of the problem (data loss, denial of service, executing commands, etc.)?
  • How can the problem be reproduced?
  • Is there an existing exploit?
  • Has the problem already been published?

After we receive your report, we will work on the evaluation and we will reply to you (typically in the next business day).

Where can I find a list of all the security vulnerabilities fixed in

These are listed in our Security Bulletin

"The publisher of this software cannot be verified" - what should I do?

When installing under Microsoft Windows, you may see a warning message stating that the publisher of the software could not be verified. It is safe to ignore this message if you are confident that your copy of came from a reputable source. If you have any doubts about this, you can check that the file has not been tampered with by using MD5 checksums.

Personal tools