Create SECURITY.md #1799

Open
wants to merge 1 commit into
base: main
45 changes: 45 additions & 0 deletions SECURITY.md
@@ -0,0 +1,45 @@
## Security Policy

### Supported Versions

We actively support the following versions:

| Version | Supported |
| ---------- | --------- |
| 20240821v2 | ✅ |

Please ensure you are using the latest version to receive security updates and fixes.

### Reporting a Vulnerability

If you discover a security vulnerability in GPT-SoVITS-WebUI, we encourage you to report it responsibly via GitHub Security Advisories. Here's how you can do it:

1. **Open a GitHub Security Advisory**:
- Navigate to the repository's [Security tab](https://github.com/RVC-Boss/GPT-SoVITS/security).
- Select "Report a vulnerability."
- Provide the following details:
- A detailed description of the vulnerability.
- Steps to reproduce the issue (if applicable).
- Any potential impact and severity level.
2. **Response Time**: We will acknowledge your report within 72 hours and provide an estimated timeline for resolution.
3. **Responsible Disclosure**: We request that you do not publicly disclose the vulnerability until it has been resolved. If necessary, we will work with you to determine an appropriate disclosure timeline.

### Best Practices for Users

To maintain security while using GPT-SoVITS-WebUI:

- **Update Regularly**: Always use the latest version to ensure you're benefiting from security updates.
- **Environment Isolation**: Run the application in isolated environments (e.g., Docker, Conda environments) to reduce potential risks.
- **Data Privacy**: Avoid using sensitive or private data unless necessary, as models are not encrypted by default.

### Security Practices

To ensure a secure codebase, we follow these practices:

- **Dependency Monitoring**: Regular updates and audits of third-party dependencies.
- **Code Reviews**: All new contributions undergo thorough reviews to ensure they meet our security standards.
- **Static Analysis**: Automated tools are used to identify common vulnerabilities in the code.

### Acknowledgments

We thank the community for reporting issues and helping us improve security. If your vulnerability report leads to a fix, we would be happy to acknowledge your contribution in the release notes (if desired).
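Review bot: The steps under "Reporting a Vulnerability" only work if private vulnerability reporting is enabled in the repository's security settings; if it is not, "Report a vulnerability" does not appear on the Security tab and a reporter has no route other than a public issue. Confirm the setting is enabled before merging and add a fallback contact line (for example "If the Security tab offers no report form, contact <security contact placeholder>") so the policy never dead-ends. Two smaller points: the "Security Practices" section asserts that dependency audits and automated static analysis are in place, but this PR adds only SECURITY.md, so either link the workflows that implement those checks or soften the wording to what is actually run; and the rationale in the "Data Privacy" bullet ("models are not encrypted by default") does not match the risk it describes, since a fine-tuned voice model or reference audio reproduces the speaker regardless of encryption at rest, so state that directly.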