Please report security issues privately:
- Preferred: GitHub private vulnerability reporting — encrypted, threaded, and gives us GitHub's CVE workflow.
- Email: security@benedoc.co
Please include a description, reproduction steps (ideally with a sample PDF or minimal code), and the pdfer version or commit you tested against.
We aim to acknowledge reports within 3 business days. Critical issues are prioritized; lower-severity issues may be bundled into the next regular release.
Fixes are applied to main and the latest minor of the current major release line. Older majors are not maintained.
| Version | Status |
|---|---|
| v2.x | Supported |
| v1.x | Unsupported |
We follow coordinated disclosure: once a fix is ready, we'll agree on a public disclosure timing with the reporter, and credit you in the advisory unless you prefer to remain anonymous.