We release security updates for the following versions of PDF-toolkit:
| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ❌ |
| < 1.0 | ❌ |
If you discover a security vulnerability in PDF-toolkit, please report it responsibly by emailing the maintainers rather than using the public issue tracker.
Please do not publicly disclose the vulnerability until it has been addressed.
- Send a detailed description of the vulnerability to the project maintainers
- Include steps to reproduce the issue if possible
- Specify the affected version(s)
- You will receive acknowledgment of your report within 48 hours
- We will work to assess the severity and develop a fix
- You will be kept informed of the progress
- We aim to release a security patch within 30 days of confirmation
- Credit will be given to reporters of valid security issues (unless you prefer to remain anonymous)
When using PDF-toolkit:
- Keep the library updated to the latest version
- Validate and sanitize any user-provided PDF files before processing
- Use the library in a secure environment with proper access controls
- Report any suspicious behavior or potential vulnerabilities
This security policy applies to the PDF-toolkit library and its core functionality including:
- PDF splitting and merging
- Image to PDF conversion
- PDF to image conversion
- Header, footer, and watermark addition
- Margin adjustment features