Only the latest release receives security updates.

Do not open a public issue.

Please report vulnerabilities through one of these channels:

1. GitHub Security Advisories (preferred): Report a vulnerability
2. Email: mlorentedev@gmail.com

• Description of the vulnerability
• Steps to reproduce
• Potential impact

• Acknowledgment: Within 48 hours
• Assessment: Within 1 week
• Fix: Targeting 2 weeks for critical issues

This policy covers:

• pdf-modifier-mcp Python package
• MCP server and CLI interfaces

Out of scope:

• Third-party dependencies (report upstream)
• User-generated PDF content