| # Security Policy |
| |
| ## Security Vulnerability Process |
| |
| The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling). |
| |
| To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list. |
| |
| It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/. |
| |
| ## Security Policy details and supported versions of Apache Pulsar |
| |
| The security policy and supported versions are outlined on the Pulsar website under [Security > Security Policy and Supported Versions](https://pulsar.apache.org/docs/security-policy-and-supported-versions/). |
| |
| ## Security Advisories |
| |
| Please visit the [Security Advisories](https://github.com/apache/pulsar/wiki/Security-advisories) page. |
