Reporting Security Issues

The Apache Iceberg Project uses the standard process outlined by the Apache Security Team for reporting vulnerabilities. Note that vulnerabilities should not be publicly disclosed until the project has responded.

To report a possible security vulnerability, please email

Verifying Signed Releases

Please refer to the instructions on the Release Verification page.