Security Policy for TeXBloX
Last updated: November 3, 2025
Supported Versions
TeXBloX is distributed as an Atlassian Forge app. All active versions deployed through the Atlassian Marketplace are supported and receive updates automatically through the Forge platform.
| Version | Supported |
|---|---|
| Latest Marketplace release | ✅ |
| Older versions | ❌ (updates automatically via Atlassian Marketplace) |
Reporting a Vulnerability
We take security seriously and welcome reports of potential vulnerabilities.
If you believe you have found a security issue in TeXBloX, please contact us directly at:
- Email: support@kevinmloeffler.com
- Web form: https://kevinmloeffler.com/contact/
Please include:
- A detailed description of the issue
- Steps to reproduce
- Any affected environments or versions
We aim to acknowledge reports within 5 business days and provide a fix or mitigation plan as soon as possible.
Security Practices
- TeXBloX is built using Atlassian Forge, which runs entirely within Atlassian’s secure cloud infrastructure.
- The app makes no external network requests and stores no customer data outside Atlassian.
- All third-party libraries (e.g., KaTeX) are bundled locally and periodically reviewed for security updates.
- Builds are verified before deployment to ensure package integrity and reproducibility.
Responsible Disclosure
We kindly ask that you give us a reasonable opportunity to investigate and address a security issue before publicly disclosing it.
We are committed to transparency and will credit responsible researchers who help improve TeXBloX’s security posture.
Adventures in Problemism 