| Version | Supported |
|---|---|
| Latest minor | Security fixes |
| Earlier | Best-effort |
Email security@pdfweave.dev or open a GitHub Security Advisory. Please do not file public issues for vulnerabilities.
We aim to respond within 5 business days. Critical issues are patch-released within 14 days of confirmation.
In scope:
- All
@pdfweave/*packages on npm - The
pdfweave.devwebsite (limited; mostly static)
Out of scope:
- Vendored
@pdfweave/pdf-libissues that are upstream pdf-lib bugs (file at https://github.com/Hopding/pdf-lib) - Issues affecting only the playground or website beyond what's published to npm
We thank contributors who responsibly disclose vulnerabilities. With your permission, we credit you here.