The Pulsar community follows the ASF security vulnerability handling process.
To report a new vulnerability you have discovered, please follow the ASF security vulnerability reporting process. To report a vulnerability for Pulsar, contact the Apache Security Team. When reporting a vulnerability to security@apache.org, you can copy your email to private@pulsar.apache.org to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list.
It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the users@pulsar.apache.org mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
The security policy and supported versions are outlined on the Pulsar website under Security > Security Policy and Supported Versions.