For the assumptions, trust boundaries, scope, and what Apache StormCrawler considers a security vulnerability, see the Apache StormCrawler Security Model.

Please report security vulnerabilities privately following the ASF security process — email security@apache.org. Do not open public GitHub issues for security reports.