We provide security updates for the following versions of PandocTool:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We recommend always using the latest version of PandocTool to ensure you have the latest security updates.
If you discover a security vulnerability in PandocTool, please report it responsibly.

Do not:
- Open a public GitHub issue for security vulnerabilities
- Disclose the vulnerability publicly before it has been addressed

Do:
- Email details of the vulnerability to security@demaconsulting.com
- Include the following information:
  - Type of vulnerability
  - Affected versions
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (if available)
- Initial Response: You will receive an acknowledgment within 48 hours
- Assessment: We will assess the vulnerability and determine its severity
- Fix Development: We will work on a fix and may contact you for additional information
- Release: Once fixed, we will release a new version and credit you for the discovery (unless you prefer to remain anonymous)
- Disclosure: We aim to disclose vulnerabilities responsibly after a fix is available
When using PandocTool:
- Always use the latest version
- Keep your .NET runtime up to date
- Review the release notes for security updates
- Follow security best practices for your development environment
PandocTool packages the Pandoc universal document converter. Security issues in Pandoc itself should be reported to the Pandoc project.
This security policy applies to:
- The PandocTool dotnet tool wrapper
- The packaging and distribution process
- Build and deployment workflows
This policy does not cover:
- Security issues in Pandoc itself (report to the Pandoc project)
- Security issues in third-party dependencies (report to the respective projects)
- Security issues in user-generated documents
We appreciate security researchers who follow responsible disclosure practices. Contributors who report valid security vulnerabilities will be acknowledged in the release notes (unless they prefer to remain anonymous).