| Version | Supported |
|---|---|
| latest | Yes |
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public Issue
- Use GitHub Security Advisories to report privately
We will acknowledge receipt within 48 hours and provide a timeline for a fix.
gpdf is a PDF generation library. Security concerns include:
- Malicious font files causing crashes or unexpected behavior
- Malicious image files causing crashes or unexpected behavior
- PDF output that could exploit viewer vulnerabilities
- Denial of service through crafted input (e.g., deeply nested structures)
- Vulnerabilities will be fixed before public disclosure
- Credit will be given to reporters (unless anonymity is requested)
- A security advisory will be published on GitHub after the fix is released