Security: apache/superset

.github/SECURITY.md

Security Policy

This is a project of the Apache Software Foundation and follows the ASF vulnerability handling process.

Reporting Vulnerabilities

⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️

The Apache Software Foundation takes a rigorous stance on eliminating security issues in its software projects. Apache Superset is highly sensitive and responsive to issues pertaining to its features and functionality. If you have any concerns or believe you have found a vulnerability in Apache Superset, please contact the Apache Superset Security Team privately at the e-mail address security@superset.apache.org.

More details can be found on the ASF website, under the ASF vulnerability reporting process.

We kindly ask you to include the following information in your report:

  • Apache Superset version that you are using
  • A sanitized copy of your superset_config.py file or any config overrides
  • Detailed steps to reproduce the vulnerability

Note that Apache Superset is not responsible for any third-party dependencies that may have security issues. Any vulnerabilities found in third-party dependencies should be reported to the maintainers of those projects. Results from security scans of Apache Superset dependencies found on its official Docker image can be remediated at release time by extending the image itself.

Your responsible disclosure and collaboration are invaluable.

Extra Information

There aren’t any published security advisories