Security

Running a file conversion service means accepting user-supplied binaries. A practical security posture combines secure deployment defaults, least privilege, and regular updates to the OS, runtime, and third-party tools.

Hardening the host

Run the application under a dedicated service account with minimal filesystem permissions, isolate it from sensitive databases, and place it behind a reverse proxy that terminates TLS and enforces sane request size limits.

Dependencies

OpenFormat may invoke external processes such as LibreOffice, Inkscape, or FFmpeg when configured. Keep those packages patched and restrict their ability to reach the open internet if your policy requires it.
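The host-hardening and dependency advice above can be expressed as a systemd drop-in. This is an added example, not configuration shipped with OpenFormat; it assumes a Linux host managed by systemd, and the unit name `openformat.service`, the `openformat` account, the `/var/lib/openformat` working directory and the resource limits are all hypothetical values to adapt.

```ini
# /etc/systemd/system/openformat.service.d/hardening.conf
# Constructed example: unit name, account, paths and limits are assumptions.

[Service]
# Dedicated unprivileged service account (create it beforehand as a
# system user with no login shell and no home directory of value).
User=openformat
Group=openformat
NoNewPrivileges=yes
CapabilityBoundingSet=
UMask=0077

# Minimal filesystem permissions: the whole filesystem is read-only
# except the one directory used for uploads and conversion output.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ReadWritePaths=/var/lib/openformat

# Reduce kernel attack surface for the service and its child processes.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes

# Network: loopback only, so the reverse proxy can still connect but
# LibreOffice, Inkscape or FFmpeg started by the service cannot reach
# the open internet. The filter applies to every process in the unit.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
IPAddressDeny=any
IPAddressAllow=localhost

# Bound what a single hostile input file can consume.
MemoryMax=2G
TasksMax=256
```

After `systemctl daemon-reload` and a restart of the service, `systemd-analyze security openformat.service` reports which sandboxing options are in effect for the unit.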

Reporting concerns

If you discover a vulnerability in this deployment, contact your administrator or maintainers through the channel described on the Contact us page so it can be triaged responsibly.