Hello Aryan,
Thank you for helping us stay secure. You might want to review
https://security.apache.org/blog/credits/ , where we list some classes of
common reports that we consider invalid up-front. If the issue does not
fall in any of those categories, as you can read on
https://www.apache.org/security/ , the correct place to report issues with
ASF services such as our website would be to r...@apache.org.
As a volunteer-based open source organization, we do not have a bug bounty
program at this time.
Kind regards,
Arnout
On Wed, Apr 24, 2024 at 7:12 PM Aryan Kamboj <aryankamboj...@gmail.com>
wrote:
> Hello,
> I hope this mail finds you well.
>
> I recently came across a bug on your website and I would like to report it
> in an ethical manner.
> Could you please provide me with your security email address or let me
> know where I should report the bug?
> This will enable you to fix the issue promptly.
>
> {Do you have a bug bounty program or not?}
>
> Regards
> Aryan Kamboj
>
