apache/jmeter follows the Apache Software Foundation security process. Please report suspected
vulnerabilities privately to security@apache.org; do not open public
GitHub issues or pull requests for security reports.
What the project treats as in scope and out of scope, the security properties it provides and disclaims, the adversary model, and how findings are triaged are documented in THREAT_MODEL.md.