Skip to content

Security: sscgram/PDF-toolkit

SECURITY.md

Security Policy

Supported Versions

We release security updates for the following versions of PDF-toolkit:

Version Supported
2.x.x
1.x.x
< 1.0

Reporting a Vulnerability

If you discover a security vulnerability in PDF-toolkit, please report it responsibly by emailing the maintainers rather than using the public issue tracker.

Please do not publicly disclose the vulnerability until it has been addressed.

How to Report

  1. Send a detailed description of the vulnerability to the project maintainers
  2. Include steps to reproduce the issue if possible
  3. Specify the affected version(s)

What to Expect

  • You will receive acknowledgment of your report within 48 hours
  • We will work to assess the severity and develop a fix
  • You will be kept informed of the progress
  • We aim to release a security patch within 30 days of confirmation
  • Credit will be given to reporters of valid security issues (unless you prefer to remain anonymous)

Security Best Practices

When using PDF-toolkit:

  • Keep the library updated to the latest version
  • Validate and sanitize any user-provided PDF files before processing
  • Use the library in a secure environment with proper access controls
  • Report any suspicious behavior or potential vulnerabilities

Scope

This security policy applies to the PDF-toolkit library and its core functionality including:

  • PDF splitting and merging
  • Image to PDF conversion
  • PDF to image conversion
  • Header, footer, and watermark addition
  • Margin adjustment features

There aren't any published security advisories