The Apache Security Team handles all security issues across Apache projects and coordinates the response to vulnerabilities. For details on the vulnerability handling process, supported versions, and what is considered a security issue, visit: https://www.apache.org/security/.
For better collaboration, we hope you:
- DO NOT report non-security-impacting bugs through this channel. If you have any questions on using, development, please use GitHub Issues, Discussions, Dev mailing list or Slack instead.
- DO NOT report security issues on public GitHub Issues, Jira tickets, mailing lists, or other public forums.
Send your report to: [email protected].
Please send one plain-text email per vulnerability with the following and additional information as necessary (as much as you can provide):
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Any known mitigations
- (Optional) Suggested fix
For general security questions or discussions, please use the development mailing list: [email protected]
We prefer all communications to be in English.