name: Security Vulnerability
description: Report a security vulnerability privately
title: '[SECURITY] '
labels: [security]
body:
  - type: markdown
    attributes:
      value: |
        # ⚠️ Security Vulnerability Report

        **IMPORTANT:** Do NOT submit a public issue for security vulnerabilities.

        Security vulnerabilities must be reported through private channels only. This template exists for reference only—please use one of the following methods to report privately:

        ## Private Reporting Methods

        1. **Email (preferred):** [security@jedarden.com](mailto:security@jedarden.com)
           - PGP-encrypted emails are strongly encouraged
           - PGP key: [`docs/security/pgp-public-key.asc`](../../docs/security/pgp-public-key.asc)
           - PGP key fingerprint: See README.md

        2. **GitHub Private Vulnerability Reporting:**
           - Use the [Security tab](https://github.com/jedarden/pdftract/security/advisories)
           - This provides a private discussion forum

        See [`SECURITY.md`](../../SECURITY.md) for details on our disclosure process, supported versions, and safe harbor policy.

        ## Why Not a Public Issue?

        - Public issues expose vulnerabilities to attackers before a fix is available
        - We need time to prepare patches for supported versions
        - We coordinate with downstream packagers (Homebrew, distros) before disclosure

        Thank you for helping keep pdftract secure!