The latest released version on the main branch receives security fixes.

Please report security issues privately via GitHub's private vulnerability reporting rather than opening a public issue. Include reproduction steps and the affected version.

You can expect an acknowledgement within a few days. Auto-Rotate processes local files and shells out to tesseract/ocrmypdf; reports about untrusted-PDF handling or subprocess invocation are especially welcome.