The Stirling-PDF team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.
You can report security vulnerabilities through two channels:
-
GitHub Security Advisory:
- Navigate to the Security tab in our repository
- Click on "Report a vulnerability"
- Provide a detailed description of the vulnerability
-
Direct Email:
- Send your report to security@stirlingpdf.com
- Please include as much information as possible about the vulnerability
When reporting a vulnerability, please provide:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Any potential impact
- If possible, suggestions for addressing the vulnerability
- Your contact information for follow-up questions
We aim to acknowledge receipt of your vulnerability report within 48 hours
- Submit your report through one of the channels above
- Receive an acknowledgment from our team
- Our team will investigate and validate the issue
- We will work on a fix and keep you updated on our progress
- Once resolved, we will publish the fix and acknowledge your contribution (if desired)
At this time, we do not offer a bug bounty program. However, we greatly appreciate your efforts in making Stirling-PDF more secure and will acknowledge your contribution in our release notes (unless you prefer to remain anonymous).
Only the latest version of Stirling-PDF is supported for security updates. We do not backport security fixes to older versions.
Version | Supported |
---|---|
Latest | ✅ |
Older | ❌ |
Please note: Before reporting a security issue, ensure you are using the latest version of Stirling-PDF. Security reports for older versions will not be accepted.
When deploying Stirling-PDF:
- Always use the latest version
- Follow our deployment guidelines
- Regularly check for and apply updates