We provide security updates for the following versions of WeasyprintTool:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We recommend always using the latest version of WeasyprintTool to ensure you have the most recent security patches and improvements.
If you discover a security vulnerability in WeasyprintTool, please report it by following these steps:
- Do NOT open a public issue on GitHub
- Report the vulnerability privately through GitHub Security Advisories
- Provide a detailed description of the vulnerability including:
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if available)
We take all security reports seriously and will respond as quickly as possible to address the issue.
When a security vulnerability is reported:
- We will acknowledge receipt of your report within 48 hours
- We will investigate and validate the vulnerability
- We will develop and test a fix
- We will release a new version with the security fix
- We will publicly disclose the vulnerability after the fix is available
WeasyprintTool wraps the Weasyprint document factory. Security vulnerabilities in Weasyprint should be reported to the Weasyprint project directly:
We monitor Weasyprint releases and update WeasyprintTool when security fixes are available.
When using WeasyprintTool:
- Always use the latest version
- Review the release notes for security updates
- Use .NET tool manifests to manage versions in your projects
- Monitor GitHub Security Advisories for this repository