Hello Aryan, Thank you for helping us stay secure. You might want to review https://security.apache.org/blog/credits/ , where we list some classes of common reports that we consider invalid up-front. If the issue does not fall in any of those categories, as you can read on https://www.apache.org/security/ , the correct place to report issues with ASF services such as our website would be to r...@apache.org.
As a volunteer-based open source organization, we do not have a bug bounty program at this time. Kind regards, Arnout On Wed, Apr 24, 2024 at 7:12 PM Aryan Kamboj <aryankamboj...@gmail.com> wrote: > Hello, > I hope this mail finds you well. > > I recently came across a bug on your website and I would like to report it > in an ethical manner. > Could you please provide me with your security email address or let me > know where I should report the bug? > This will enable you to fix the issue promptly. > > {Do you have a bug bounty program or not?} > > Regards > Aryan Kamboj >