Security Policy

Security Vulnerability Process

The Pulsar community follows the ASF security vulnerability handling process.

To report a new vulnerability you have discovered, please follow the ASF security vulnerability reporting process. To report a vulnerability for Pulsar, contact the Apache Security Team. When reporting a vulnerability to, you can copy your email to to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list.

It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the mailing list. For instructions on how to subscribe, please see

Security Policy details and supported versions of Apache Pulsar

The security policy and supported versions are outlined on the Pulsar website under Security > Security Policy and Supported Versions.

Security Advisories

Please visit the Security Advisories page.