Security Announcements

Dubbo Security Announcements

Reporting Security Issues

The Apache Software Foundation takes a very proactive stance in eliminating security issues and denial-of-service attacks against its products.

We strongly encourage people to report such issues to our security mailing list before disclosing them in public forums.

Please note that the security mailing list is only intended for reporting unpublicized security vulnerabilities and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other inquiries at this address. All mail sent to this address that is not related to undisclosed security problems in our source code will be ignored.

If you need to report bugs that are not undisclosed security vulnerabilities, please use the bug report page.

Security issue reporting email: security@dubbo.apache.org

For more information on how ASF handles potential security issues, please refer to https://www.apache.org/security/


Serialization Security

Using Serialization Protocols More Securely in Dubbo

RPC Protocol Security

Using RPC protocols securely in Dubbo

Registry Center Security

Using the registry center more securely in Dubbo

Dubbo Admin Security

Using Dubbo Admin more securely

Log4j Vulnerability Impact

Log4j CVE-2021-44228 Vulnerability Impact