| Version | Supported |
|---|---|
| 0.1.x | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, report security vulnerabilities via email to:
You should receive an acknowledgment within 48 hours. We will follow up with a timeline for a fix after investigating the issue.
Security issues in this project typically involve:
- Credential exposure -- API keys, tokens, or credentials leaked through logs or error messages
- Command injection -- Unsafe handling of filenames or metadata that could allow arbitrary command execution
- Path traversal -- Improper validation of input paths allowing access outside intended directories
- Unsafe temporary file handling -- Race conditions or predictable temporary file paths
The following should be reported as regular bugs or feature requests:
- Feature requests
- Bugs that do not have security implications (crashes, incorrect output, etc.)
- Performance issues
- Compatibility issues with specific tools or platforms
- Acknowledgment within 48 hours of your report
- Initial assessment within 1 week
- Fix timeline provided based on severity and complexity
- Credit in the security advisory if you wish (please let us know your preference)
We take security seriously and appreciate responsible disclosure. Thank you for helping keep the audiobook-pipeline and its users safe.