We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the CVSS v3.0 Rating:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
Please report vulnerabilities by emailing security@oomol-lab.com (replace with actual security email).
Please do not report security vulnerabilities through public GitHub issues.
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Possible impact
- Suggested fix (if any)
We will acknowledge receipt of your vulnerability report within 48 hours and provide regular updates about our progress.
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate and validate the reported vulnerability
- Fix Development: We will develop and test a fix for the vulnerability
- Disclosure: We will coordinate disclosure with you and release the fix
- Recognition: We will publicly acknowledge your contribution (if desired)
When using EPUB2Speech:
- Keep your Azure Speech Service credentials secure
- Use environment variables or secure credential storage
- Regularly update to the latest version
- Be cautious with EPUB files from untrusted sources
- Review processed content before sharing
We regularly update dependencies to address security vulnerabilities. Users should:
- Keep dependencies updated
- Monitor security advisories for our dependencies
- Report any security concerns about dependencies
For security-related questions, please contact: security@oomol-lab.com