## Security Policy

### Supported Versions

We actively support the following versions:

| Version    | Supported |
| ---------- | --------- |
| 20240821v2 | ✅        |

Please ensure you are using the latest version to receive security updates and fixes.

### Reporting a Vulnerability

If you discover a security vulnerability in GPT-SoVITS-WebUI, we encourage you to report it responsibly via GitHub Security Advisories. Here's how you can do it:

1. **Open a GitHub Security Advisory**:
   - Navigate to the repository's [Security tab](https://github.com/RVC-Boss/GPT-SoVITS/security).
   - Select "Report a vulnerability."
   - Provide the following details:
     - A detailed description of the vulnerability.
     - Steps to reproduce the issue (if applicable).
     - Any potential impact and severity level.

2. **Response Time**: We will acknowledge your report within 72 hours and provide an estimated timeline for resolution.

3. **Responsible Disclosure**: We request that you do not publicly disclose the vulnerability until it has been resolved. If necessary, we will work with you to determine an appropriate disclosure timeline.

### Best Practices for Users

To maintain security while using GPT-SoVITS-WebUI:

- **Update Regularly**: Always use the latest version to ensure you're benefiting from security updates.
- **Environment Isolation**: Run the application in isolated environments (e.g., Docker, Conda environments) to reduce potential risks.
- **Data Privacy**: Avoid using sensitive or private data unless necessary, as models are not encrypted by default.

### Security Practices

To ensure a secure codebase, we follow these practices:

- **Dependency Monitoring**: Regular updates and audits of third-party dependencies.
- **Code Reviews**: All new contributions undergo thorough reviews to ensure they meet our security standards.
- **Static Analysis**: Automated tools are used to identify common vulnerabilities in the code.

### Acknowledgments

We thank the community for reporting issues and helping us improve security. If your vulnerability report leads to a fix, we would be happy to acknowledge your contribution in the release notes (if desired).