Source code issue
Report a bug or unexpected behavior in OroCommerce, OroCRM, or OroPlatform source code via the GitHub issue tracker.
Security issue
Report a vulnerability privately by emailing the Oro security team. Never post security issues publicly.
Documentation issue
Report an inaccuracy, suggest an improvement, or share feedback about the Oro documentation.
Translation issue
Report a translation problem or contact the translation team via the Crowdin project.
Report a source code issue
Oro uses GitHub as its bug tracker. Before submitting, search the relevant issue tracker to avoid duplicating an existing report:What to include in a bug report
Providing the following information increases the chances of a quick resolution:- Clear summary of the issue in the title
- Unambiguous steps to reproduce the issue
- Environment details:
- Product version (latest stable? master?)
- Installed extensions and customizations
- Server OS and architecture (32-bit or 64-bit)
- PHP version
- Database (PostgreSQL) version
- Web server (Apache or Nginx) version and PHP setup (module or PHP-FPM)
- Client OS, browser, and version
- Screenshots of the user interface
- Relevant excerpts from web server and application log files
Example of a well-defined issue
View example bug report
View example bug report
Title: Inconsistent display of address fields when adding address to the contact.Description: While adding a new address to the contact, some fields in the new address form become mandatory, while all the fields are optional in the initial address form.Steps to reproduce:
- Navigate to Customers > Contacts in the main menu.
- Choose any contact and open its edit page.
- Proceed to the Addresses section and click +Add.
- Compare the initial form with the new one.
Report a security issue
We take security issues very seriously. If you believe you have discovered a vulnerability in OroPlatform, OroCRM, or OroCommerce, or have a security incident to report:Contact the security team privately
Send an email to [email protected]. Do not post the issue publicly.
Await acknowledgment
When properly notified of a legitimate issue, Oro will acknowledge your report and assign resources to investigate.
Coordinate resolution
Oro will work with you to fully understand the issue. The vulnerability will not be disclosed publicly until the internal investigation is complete.
Oro maintains a bug bounty program that recognizes and rewards researchers who report security issues. For more information and eligibility requirements, see the Bug Bounty page.
Responsible disclosure
Responsible disclosure is the industry best practice. It allows individuals to notify companies of security threats before going public, giving vendors a chance to resolve the problem before it can be exploited. Oro asks that you follow this procedure and allow time to protect all users of the product.Report a documentation issue
To report a documentation inaccuracy, suggest an improvement, or share feedback:- Send an email to [email protected]
- Message the team on Twitter
- Submit an issue to the GitHub repository
Report a translation issue
To report a translation-related issue, use the contact link in the Owner section of the OroCommerce project in Crowdin. Contact the translation team if:- Your translation has been approved for over one day but has not appeared in the application.
- Your translation has not been approved after more than seven days of review.
- You would like to help proofread a target language.
- You have other questions about translations not covered in the documentation or the Crowdin tutorial.