Security Policy

Reporting a Vulnerability

Apache Directory follows the ASF security process. Report privately to security@apache.org (PMC: private@directory.apache.org); do not open public issues/PRs for security reports.

Threat Model

apache/directory-fortress-commander is the Fortress web administration console within the Apache Directory project. Its security context is covered by the Apache Directory umbrella threat model (Fortress addendum (F)): https://github.com/apache/directory-server/blob/master/THREAT_MODEL.md