security issues

Apache SeaTunnel Security

If you have apprehensions regarding SeaTunnel’s security or you discover vulnerability or potential threat, don’t hesitate to get in touch with the Apache Security Team by dropping a mail at security@apache.org. In the mail, specify the project name SeaTunnel with the description of the issue or potential threat. You are also urged to recommend the way to reproduce and replicate the issue. The security team and the SeaTunnel community will get back to you after assessing and analysing the findings.

Before using SeaTunnel, please review the usage documentation to ensure you understand the purpose and impact of each operation.

In seatunnel-web, it's up to the system administrator to handle user authentication. Once a user is logged in, they get full access to the system. seatunnel-web won’t perform any extra security checks when calling third-party SDKs.

The same goes for seatunnel-zeta: any client that has been authenticated will have full access. System don’t do additional security checks when those client connections interact with third-party SDKs.

PLEASE PAY ATTENTION to report the security issue on the security email before disclosing it on public domain.