If you find a security issue in PaperDiet, please avoid opening a public issue with exploit details before maintainers have a chance to review it.

Until a dedicated security contact is configured, open a private report through GitHub Security Advisories if the repository has advisories enabled. If that is not available, open a minimal public issue that states a security report is needed without including reproduction details.

Because PaperDiet bundles Ghostscript in release builds, Ghostscript version updates and security fixes should be treated as release-blocking.