Security Policy

Reporting a Vulnerability

apache/fory follows the Apache Software Foundation security process. Please report suspected vulnerabilities privately to security@apache.org; do not open public GitHub issues or pull requests for security reports.

Security Models

Apache Fory security models are documented under docs/security. Start with the project threat model; for detailed untrusted deserialization classification rules, see the deserialization security model.