voxavatar is pre-1.0; security fixes are applied to the latest released
version on the main branch.
| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3 | ❌ |
Please do not open a public issue for security problems. Instead, use GitHub's private security advisory form for this repository, or email the maintainer listed on the GitHub profile.
You can expect an acknowledgement within a few days. Once a fix is ready we'll coordinate a release and credit you in the changelog unless you prefer to stay anonymous.
The core library has no network or filesystem side effects beyond the WAV/CSV
paths you pass it explicitly, and no runtime dependencies. The most likely
security-relevant surface is a malicious WAV file fed to read_wav; reports
about parsing behaviour there are welcome.