Apache Directory follows the ASF security process. Report privately to security@apache.org (PMC: private@directory.apache.org); do not open public issues/PRs for security reports.

apache/directory-studio is the Eclipse-based LDAP client tool (desktop) within the Apache Directory project. Its security context is covered by the Apache Directory umbrella threat model (client-tooling note): https://github.com/apache/directory-server/blob/master/THREAT_MODEL.md