Skip to content

Security: michael-L-i/VoiceType

SECURITY.md

Security Policy

Supported versions

Security fixes are made for the latest released version of VoiceType. Please update to the current release before reporting a vulnerability when possible.

Reporting a vulnerability

Please do not open a public GitHub issue for a suspected vulnerability.

Use the repository's Report a vulnerability flow on GitHub to send a private report. Include the affected version, a clear description of the problem, reproducible steps or a proof of concept, and any suggested mitigation.

If private reporting is unavailable, email michaelli2005li@gmail.com with the subject [VoiceType security].

We will acknowledge reports within seven days, assess the impact, and work with you on a responsible disclosure timeline. Please do not publicly disclose the issue until a fix or mitigation is available.

Privacy-sensitive reports

VoiceType handles microphone input, local transcripts, and Accessibility permissions. Reports involving accidental audio/transcript disclosure, unsafe network transmission, permission bypass, code-signing or update integrity are all security reports and should use the private channel above.

There aren't any published security advisories