Apache Spark uses the standard process outlined by the Apache Security Team for reporting vulnerabilities.
If you need to report a possible security vulnerability, please email
firstname.lastname@example.org. This is a
non-public list that will reach the Spark PMC. Messages to
email@example.com will also reach the PMC.