Please report vulnerability disclosures to security@apache.org.
See SECURITY_MODEL.md for ShenYu's trust boundaries, deployment requirements, and the scope of what constitutes a vulnerability. Security researchers should consult this document before submitting a report.