Security Policy

The Apache Security Team handles all security issues across Apache projects and coordinates the response to vulnerabilities. For details on the vulnerability handling process, supported versions, and what is considered a security issue, visit: https://www.apache.org/security/.

Do not

For better collaboration, we hope you:

• DO NOT report non-security-impacting bugs through this channel. If you have any questions on using, development, please use GitHub Issues, Discussions, Dev mailing list or Slack instead.
• DO NOT report security issues on public GitHub Issues, Jira tickets, mailing lists, or other public forums.

Reporting Security Issues

Send your report to: security@apache.org.

Please send one plain-text email per vulnerability with the following and additional information as necessary (as much as you can provide):

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Potential impact
• Any known mitigations
• (Optional) Suggested fix

Public Discussion

For general security questions or discussions, please use the development mailing list: dev@cloudberry.apache.org

Preferred Languages

We prefer all communications to be in English.