Security: apache/superset
Security
.github/SECURITY.md
This is a project of the Apache Software Foundation and follows the ASF vulnerability handling process.
Apache Software Foundation takes a rigorous standpoint in annihilating the security issues in its software projects. Apache Superset is highly sensitive and forthcoming to issues pertaining to its features and functionality.
If you have any concern or believe you have found a vulnerability in Apache Superset, please get in touch with the Apache Superset Security Team privately at e-mail address security@superset.apache.org.
More details can be found on the ASF website at ASF vulnerability reporting process.
We kindly ask you to include the following information in your report:
- Apache Superset version that you are using
- A sanitized copy of your `superset_config.py` file or any config overrides
- Detailed steps to reproduce the vulnerability
Note that Apache Superset is not responsible for any third-party dependencies that may have security issues. Any vulnerabilities found in third-party dependencies should be reported to the maintainers of those projects. Results from security scans of Apache Superset dependencies found on its official Docker image can be remediated at release time by extending the image itself.
Your responsible disclosure and collaboration are invaluable.