Apache Cloudberry Security
The Apache Security Team handles all security issues across Apache projects and coordinates the response to vulnerabilities. For details on the vulnerability handling process, supported versions, and what is considered a security issue, visit: https://www.apache.org/security/.
Do not
For better collaboration, we hope you:
- DO NOT report non-security-impacting bugs through this channel. If you have any questions on using, development, please use GitHub Issues, Discussions, Dev mailing list or Slack instead.
- DO NOT report security issues on public GitHub Issues, Jira tickets, mailing lists, or other public forums.
Reporting Security Issues
Send your report to: security@apache.org.
Please send one plain-text email per vulnerability with the following and additional information as necessary (as much as you can provide):
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Any known mitigations
- (Optional) Suggested fix
Public Discussion
For general security questions or discussions, please use the development mailing list: dev@cloudberry.apache.org
Preferred Languages
We prefer all communications to be in English.