The Apache Software Foundation takes a strict stance on eliminating security issues in its software projects. Apache Dubbo is very sensitive to issues related to its functionality and features and addresses them promptly.
If you have concerns about the security of Dubbo, or if you discover a vulnerability or potential threat, please email the Apache Dubbo security team at security@dubbo.apache.org. In your email, describe the issue or potential threat. You are also encouraged to suggest ways to reproduce the issue. The Dubbo community will reach out to you after evaluating and analyzing the investigation results.
Please report security issues by secure email before making the issue public.
An overview of the vulnerability handling process is:
For a detailed description of this process, please see here