| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

We support only the most recent release. Please update before reporting a vulnerability.

Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately by emailing Matthew.Boakes@Gmail.com. Include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- The version(s) of Jabberjay affected
- Any suggested mitigations, if you have them

You can expect an acknowledgement within 48 hours and a status update within 7 days.

Jabberjay is a model inference library. The security concerns most likely to be relevant are:
- Arbitrary code execution via malicious model weights or YAML config files
- Path traversal in audio file loading
- Dependency vulnerabilities in torch, transformers, or librosa

Findings in third-party dependencies should be reported upstream to those projects as well.