Skip to content

Security: eMerzh/gotenberg

Security

SECURITY.md

Security Policy

Supported Versions

Please ensure to keep your environment up-to-date and use only the latest version of Gotenberg. Security updates and patches will be applied only to the most recent version.

Reporting a Vulnerability

Your help in identifying vulnerabilities in our project is much appreciated. We take all reports regarding security seriously.

If you discover a security vulnerability, please refrain from publishing it publicly. Instead, kindly send us the details via email to neuhart [dot] julien [at] gmail [dot] com.

In the subject of your email, please indicate that it's a security vulnerability report for Gotenberg. In your message, please include:

  • A detailed description of the vulnerability.
  • The steps to reproduce the issue.
  • Any potential impact of the vulnerability on the users or system.

Please remember that this process is done in a 'best-effort' manner. This means we strive to respond and act as quickly as possible, but the speed may vary depending on the severity of the issue and our resources.

Thank you in advance for helping to keep our project safe!

Disclosure Policy

Once we have received your vulnerability report, we will work to validate and reproduce the issue. If we can confirm the vulnerability, we will proceed to:

  • Work on a fix and a release timeline.
  • Notify you when the fix has been implemented and released.
  • Credit you for discovering the vulnerability (unless you request anonymity).
  • Please note that we will do our best to keep you informed about the progress towards resolving the issue.

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request.

There aren’t any published security advisories