Only the latest version of LeX receives security updates. We recommend always using the most recent release.
Please DO NOT report security vulnerabilities through public GitHub issues.
If you discover any security concerns, please:
- Email the maintainer directly at: [thejoefirguy@protonmail.com]
- Include "LeX Security" in your subject line
- Provide details including:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested mitigation (if known)
We will respond within 3 business days to acknowledge receipt and outline next steps.
This policy applies to:
- The core equation generation functionality
- Any data processing within LeX
- Dependency chain (KaTeX and other libraries)
- Rendering issues in third-party LaTeX processors
- Browser-specific quirks not related to core functionality
- Theoretical vulnerabilities without practical exploitation
LeX handles:
- Mathematical equation generation
- Text processing for LaTeX output
LeX does NOT:
- Store user data persistently
- Process sensitive information
- Execute arbitrary user-provided code
However, we take all potential security issues seriously.
While we currently don't have a bug bounty program, significant security contributions may be acknowledged in release notes (with contributor permission).
Confirmed vulnerabilities will be:
- Patched in a timely manner
- Disclosed in the next release notes
- Given a CVE if appropriate
We follow responsible disclosure principles and will credit finders who follow this policy.