mirror of
https://github.com/RVC-Boss/GPT-SoVITS.git
synced 2025-04-05 19:41:56 +08:00
This security page is created to better facilitate the vulnerability report process in a private and collaborative manner.
## Security Policy

### Supported Versions

We actively support the following versions:

| Version    | Supported |
| ---------- | --------- |
| 20240821v2 | ✅        |

Please ensure you are using the latest version to receive security updates and fixes.

### Reporting a Vulnerability

If you discover a security vulnerability in GPT-SoVITS-WebUI, we encourage you to report it responsibly via GitHub Security Advisories. Here's how you can do it:

1. **Open a GitHub Security Advisory**:
   - Navigate to the repository's [Security tab](https://github.com/RVC-Boss/GPT-SoVITS/security).
   - Select "Report a vulnerability."
   - Provide the following details:
     - A detailed description of the vulnerability.
     - Steps to reproduce the issue (if applicable).
     - Any potential impact and severity level.
2. **Response Time**: We will acknowledge your report within 72 hours and provide an estimated timeline for resolution.
3. **Responsible Disclosure**: We request that you do not publicly disclose the vulnerability until it has been resolved. If necessary, we will work with you to determine an appropriate disclosure timeline.

### Best Practices for Users

To maintain security while using GPT-SoVITS-WebUI:

- **Update Regularly**: Always use the latest version to ensure you're benefiting from security updates.
- **Environment Isolation**: Run the application in isolated environments (e.g., Docker, Conda environments) to reduce potential risks.
- **Data Privacy**: Avoid using sensitive or private data unless necessary, as models are not encrypted by default.

### Security Practices

To ensure a secure codebase, we follow these practices:

- **Dependency Monitoring**: Regular updates and audits of third-party dependencies.
- **Code Reviews**: All new contributions undergo thorough reviews to ensure they meet our security standards.
- **Static Analysis**: Automated tools are used to identify common vulnerabilities in the code.

### Acknowledgments

We thank the community for reporting issues and helping us improve security. If your vulnerability report leads to a fix, we would be happy to acknowledge your contribution in the release notes (if desired).