Merge f6bdcf68462870d887fe69a5c916f2f4c7512805 into 9da7e17efe05041e31d3c3f42c8730ae890397f2

This commit is contained in:
2h0ng 2025-04-02 04:19:19 +09:00 committed by GitHub
commit b3b812b25b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

SECURITY.md Normal file

@ -0,0 +1,45 @@
## Security Policy
### Supported Versions
We actively support the following versions:
| Version | Supported |
| ---------- | --------- |
| 20240821v2 | ✅ |
Please ensure you are using the latest version to receive security updates and fixes.
### Reporting a Vulnerability
If you discover a security vulnerability in GPT-SoVITS-WebUI, we encourage you to report it responsibly via GitHub Security Advisories. Here's how you can do it:
1. **Open a GitHub Security Advisory**:
- Navigate to the repository's [Security tab](https://github.com/RVC-Boss/GPT-SoVITS/security).
- Select "Report a vulnerability."
- Provide the following details:
- A detailed description of the vulnerability.
- Steps to reproduce the issue (if applicable).
- Any potential impact and severity level.
2. **Response Time**: We will acknowledge your report within 72 hours and provide an estimated timeline for resolution.
3. **Responsible Disclosure**: We request that you do not publicly disclose the vulnerability until it has been resolved. If necessary, we will work with you to determine an appropriate disclosure timeline.
### Best Practices for Users
To maintain security while using GPT-SoVITS-WebUI:
- **Update Regularly**: Always use the latest version to ensure you're benefiting from security updates.
- **Environment Isolation**: Run the application in isolated environments (e.g., Docker, Conda environments) to reduce potential risks.
- **Data Privacy**: Avoid using sensitive or private data unless necessary, as models are not encrypted by default.
### Security Practices
To ensure a secure codebase, we follow these practices:
- **Dependency Monitoring**: Regular updates and audits of third-party dependencies.
- **Code Reviews**: All new contributions undergo thorough reviews to ensure they meet our security standards.
- **Static Analysis**: Automated tools are used to identify common vulnerabilities in the code.
### Acknowledgments
We thank the community for reporting issues and helping us improve security. If your vulnerability report leads to a fix, we would be happy to acknowledge your contribution in the release notes (if desired).
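Review bot: The "Supported Versions" table lists a single row (`20240821v2` with ✅) and never states what happens to other releases, so a reader cannot tell whether an older checkout is out of support or merely unlisted; add a second row (for example `< 20240821v2 | ❌`) or a sentence under the table saying that only the listed version receives fixes. Two smaller points in the same file: the "Reporting a Vulnerability" section offers GitHub Security Advisories as the only channel, so a reporter who cannot use that feature has no fallback (a maintainer contact address would close that gap and give the 72-hour acknowledgement commitment an owner), and the "Security Practices" bullets ("Dependency Monitoring", "Static Analysis") name no tool or cadence, which makes them unverifiable as written; naming the scanner and the review schedule would let users check the claim.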