blackteay/GPT-SoVITS
1
0
Fork 0
mirror of https://github.com/RVC-Boss/GPT-SoVITS.git synced 2025-04-05 19:41:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
GPT-SoVITS/SECURITY.md
2h0ng f6bdcf6846
Create SECURITY.md 
This security page is created for better facilitate vulnerability report process in a private and collaborative manner.
2024-11-21 01:07:16 -05:00

2.1 KiB
Raw Blame History

Security Policy

Supported Versions

We actively support the following versions:

Version Supported
20240821v2

Please ensure you are using the latest version to receive security updates and fixes.

Reporting a Vulnerability

If you discover a security vulnerability in GPT-SoVITS-WebUI, we encourage you to report it responsibly via GitHub Security Advisories. Here's how you can do it:

  1. Open a GitHub Security Advisory:
    • Navigate to the repository's Security tab.
    • Select "Report a vulnerability."
    • Provide the following details:
      • A detailed description of the vulnerability.
      • Steps to reproduce the issue (if applicable).
      • Any potential impact and severity level.
  2. Response Time: We will acknowledge your report within 72 hours and provide an estimated timeline for resolution.
  3. Responsible Disclosure: We request that you do not publicly disclose the vulnerability until it has been resolved. If necessary, we will work with you to determine an appropriate disclosure timeline.

Best Practices for Users

To maintain security while using GPT-SoVITS-WebUI:

  • Update Regularly: Always use the latest version to ensure you're benefiting from security updates.
  • Environment Isolation: Run the application in isolated environments (e.g., Docker, Conda environments) to reduce potential risks.
  • Data Privacy: Avoid using sensitive or private data unless necessary, as models are not encrypted by default.

Security Practices

To ensure a secure codebase, we follow these practices:

  • Dependency Monitoring: Regular updates and audits of third-party dependencies.
  • Code Reviews: All new contributions undergo thorough reviews to ensure they meet our security standards.
  • Static Analysis: Automated tools are used to identify common vulnerabilities in the code.

Acknowledgments

We thank the community for reporting issues and helping us improve security. If your vulnerability report leads to a fix, we would be happy to acknowledge your contribution in the release notes (if desired).