If you find a vulnerability in a third-party module or dependency of OceanBase projects, please report it following the vulnerability disclosure policy of the component. Welcome to submit a pull request to OceanBase community if there is already a fixed version for the vulnerability.

If you find a vulnerability in the code of OceanBase projects, please do not disclose any information about it before the release of the patched version, or exploit it for profit. Please contact open_security@oceanbase.com, and we will get in touch with you in 2 business days.