This page contains information on how to report a security vulnerability within the Apache OpenWhisk project.

Report a security vulnerability

We encourage following the Apache Vulnerability Reporting process for reporting suspected security vulnerabilities rather than disclosing them in a public forum.

In short, the person discovering the issue, the reporter, should notify the Apache Security team with details of the suspected vulnerability by sending an email to

The Apache security team will notify the Apache OpenWhisk Project Management Committee (PMC) and work with them and the submitter to address the issue as described by the Apache Vulnerability Handling process.

Please note that this mailing list should only be used for reporting undisclosed security vulnerabilities for Apache OpenWhisk code or dependent libraries, runtimes and tooling. Bug reporting should be done by opening a GitHib Issue within the corresponding project repository where a bug is suspected.