Skip to content

Security: aleks-ivanov/itext7-dotnet

Security

SECURITY.md

iText Security Policy

Reporting a Vulnerability

We are committed to maintaining the security of our software. If you discover a security vulnerability, we encourage you to report it to us as soon as possible.

To report a vulnerability, please visit our Vulnerability Reporting Page, or email [email protected]. If you do not receive a response in 2 business days, please follow up as we may not have received your message.

We follow the procedure of Coordinated Vulnerability Disclosure (CVD) and, to protect the ecosystem, we request that those reporting do the same. Please visit the above page for more information, and follow the steps below to ensure that your report is handled promptly and appropriately:

  1. Do not disclose the vulnerability publicly until we have had a chance to address it.
  2. Provide a detailed description of the vulnerability, including steps to reproduce it, if possible.
  3. Include any relevant information such as the version of iText Core you are using, your operating system, and any other pertinent details.

Security Updates and Patches

When a vulnerability is reported, we will:

  1. Investigate and verify the vulnerability.
  2. Develop and test a fix for the vulnerability.
  3. Release a patch as soon as possible.

Known Vulnerabilities

The iText Knowledge Base has a page for known Common Vulnerabilities and Exposures (CVEs), please check it to ensure your vulnerability has not already been disclosed or addressed.

Supported product lines

See Compatibility Matrix

Security Best Practices

To help ensure the security of your applications using iText Core, we recommend the following best practices:

  1. Keep iText Core up to date by regularly checking for and applying updates.
  2. Review and follow our security guidelines for secure usage.
  3. Monitor your applications for any unusual activity and investigate any anomalies promptly.

Thank you for helping us keep iText secure!

There aren’t any published security advisories