Report security vulnerability

We strongly encourage to report security vulnerabilities to security@apache.org, rather than disclosing them publicly. Please indicate in the subject that the mail is about FreeMarker! Also, if this is about templates edited by untrusted users, please consider this FAQ entry first.

If you want to report a bug that isn't an undisclosed security vulnerability, please use our regular bug tracker.

Committers should see here how to handle reported security vulnerabilities.