Receiving Security Advisories
The best way to receive any and all security announcements is to subscribe to the Apache Announce Mailing List.
This mailing list has a reasonable level of traffic, and receives notifications only after security reports have been managed by the core Apache teams and fixes are publicly available.
This mailing list also has announcements of releases for Apache projects.
We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum.
Please follow the guidelines laid down by the Apache Security team.
Ideally, any issues affecting Apache Pekko and Akka should be reported to Apache team first. We will share the report with the Lightbend Akka team.
Security Related Documentation