Report a security vulnerability

The Apache Software Foundation takes a rigorous stance on eliminating security issues in its software projects. Apache APISIX is also very concerned about security issues related to its features and functionality.

If you have apprehensions regarding APISIX’s security or you discover vulnerability or potential threat, don’t hesitate to get in touch with the Apache Security Team by dropping a mail at security@apache.org.

Please specify the project name as APISIX and its product name APISIX or APISIX-Dashboard in the email and describe the relevant problem or potential threat. You are also urged to recommend a way to reproduce and replicate the issue. The Apache Security Team and the APISIX community will get back to you after assessing and analyzing the findings.

Please pay attention to reporting the security issue on the security email before disclosing it to the public domain.