This repository is a data model for PDF. The only software it includes is unmaintained legacy proof-of-concept code, which additionally includes open-source components. As such, vulnerability reports are unlikely to be addressed.
As an industry association and standards development organization (SDO), the PDF Association recognizes application security as critical to users' trust. Secure and robust implementation of PDF software is a matter for each software implementor. Any discovered security vulnerabilities should be responsibly reported directly to the vendor or implementor on a case-by-case basis.
On this basis, the PDF Association strongly encourages Coordinated Vulnerability Disclosure (CVD).
Vulnerabilities in software that includes the Arlington PDF Data Model should be reported to each vendor/implementor and not in this repository.