The Apache Iceberg Project uses the standard process outlined by the Apache Security Team for reporting vulnerabilities. Note that vulnerabilities should not be publicly disclosed until the project has responded.
To report a possible security vulnerability, please email [email protected].
Please refer to the instructions on the Release Verification page.