---
name: Security Vulnerability
about: Report a security vulnerability privately
title: '[SECURITY] '
labels: security
---

# Security Vulnerability Report

**IMPORTANT:** This issue template is for reference only. **Do NOT submit a public issue for security vulnerabilities.**

Security vulnerabilities must be reported through private channels only:

1. **Email (preferred):** [security@jedarden.com](mailto:security@jedarden.com)
   - PGP-encrypted emails are strongly encouraged
   - PGP key: [`docs/security/pgp-public-key.asc`](../docs/security/pgp-public-key.asc)
   - PGP key fingerprint: See README.md

2. **GitHub Private Vulnerability Reporting:**
   - Use the [Security tab](https://github.com/jedarden/pdftract/security/advisories)
   - This provides a private discussion forum

See [`SECURITY.md`](../SECURITY.md) for details on our disclosure process, supported versions, and safe harbor policy.

**Why not a public issue?**
- Public issues expose vulnerabilities to attackers before a fix is available
- We need time to prepare patches for supported versions
- We coordinate with downstream packagers (Homebrew, distros) before disclosure

Thank you for helping keep pdftract secure!