The Apache Software Foundation takes a rigorous stance on eliminating security issues in its software projects. Likewise, Apache ShardingSphere is also vigilant and takes security issues related to its features and functionality into the highest consideration.

If you have any concerns regarding ShardingSphere’s security, or you discover a vulnerability or potential threat, please don’t hesitate to get in touch with the Apache Security Team by dropping an email at security@apache.org.

Please specify the project name as “ShardingSphere” and its product name “ShardingSphere-JDBC” or “ShardingSphere-Proxy” in the email, and provide a description of the relevant problem or potential threat. You are also urged to recommend how to reproduce and replicate the issue.

The Apache Security Team and the ShardingSphere community will get back to you after assessing and analyzing the findings.

Please note that the security issue should be reported on the security email first, before disclosing it on any public domain.