This is a project of the Apache Software Foundation and follows the ASF vulnerability handling process.
To report a new vulnerability you have discovered please follow the ASF vulnerability reporting process.