The following versions of Supertonic TTS are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ Supported |
| 0.9.x | |
| < 0.9 | ❌ Not supported |
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email the maintainers directly at security@supertonic.ai
- Include the following in your report:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact of the vulnerability
  - Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Fix Timeline: Depending on severity (see below)
| Severity | Fix Timeline |
|---|---|
| Critical | 24-72 hours |
| High | 7 days |
| Medium | 30 days |
| Low | Next release |
When deploying Supertonic TTS:
- API Keys: Use strong API keys and rotate them regularly
- Network: Run behind a reverse proxy with HTTPS
- Authentication: Enable and enforce API key authentication in production
- Updates: Keep your installation updated to the latest version
- Logging: Monitor logs for suspicious activity
- Rate Limiting: Implement rate limiting to prevent abuse
We regularly update dependencies to address security vulnerabilities. Run pip-audit or use Dependabot to stay updated.
This security policy covers:
- The Supertonic TTS API server
- Authentication and authorization mechanisms
- API endpoints
- Configuration handling
This policy does NOT cover:
- Client-side applications using the API
- Third-party integrations
- Deployment infrastructure (please consult your cloud provider's security docs)
Thank you for helping keep Supertonic TTS secure!