pdftract/.github/ISSUE_TEMPLATE/security.yml
jedarden 2573dba8ed docs(pdftract-f29c): implement GitHub Issue Forms and PR templates
Converted GitHub issue templates from Markdown to YAML Issue Forms with
required field enforcement. Added documentation template. Updated PR
template with local validation checkbox.

Changes:
- Added config.yml to disable blank issues and route to Discussions/Security
- Converted bug_report, feature_request, performance_regression to .yml forms
- Added documentation.yml template for docs issues
- Updated security.yml as reference redirect to SECURITY.md
- Updated PULL_REQUEST_TEMPLATE.md with local validation checkbox
- Bug template enforces pdftract doctor output as required field

Closes: pdftract-f29c

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-24 06:43:48 -04:00

34 lines
1.5 KiB
YAML

name: Security Vulnerability
description: Report a security vulnerability privately
title: '[SECURITY] '
labels: [security]
body:
  - type: markdown
    attributes:
      value: |
        # ⚠️ Security Vulnerability Report

        **IMPORTANT:** Do NOT submit a public issue for security vulnerabilities.

        Security vulnerabilities must be reported through private channels only. This template exists for reference only—please use one of the following methods to report privately:

        ## Private Reporting Methods

        1. **Email (preferred):** [security@jedarden.com](mailto:security@jedarden.com)
           - PGP-encrypted emails are strongly encouraged
           - PGP key: [`docs/security/pgp-public-key.asc`](../../docs/security/pgp-public-key.asc)
           - PGP key fingerprint: See README.md

        2. **GitHub Private Vulnerability Reporting:**
           - Use the [Security tab](https://github.com/jedarden/pdftract/security/advisories)
           - This provides a private discussion forum

        See [`SECURITY.md`](../../SECURITY.md) for details on our disclosure process, supported versions, and safe harbor policy.

        ## Why Not a Public Issue?

        - Public issues expose vulnerabilities to attackers before a fix is available
        - We need time to prepare patches for supported versions
        - We coordinate with downstream packagers (Homebrew, distros) before disclosure

        Thank you for helping keep pdftract secure!