Skip to content

Security: GhostInTheShell-444/local-stem-ai

Security

SECURITY.md

Security Policy

Supported versions

Version 1.0.x is the current maintained baseline for this repository.

Scope

MUSIC AI Local Studio is intended for trusted local use on 127.0.0.1.

Do not publish or attach private audio, generated stems, runtime logs, model weights, local environment files, tokens, or machine-specific paths when reporting an issue.

Reporting a vulnerability

Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled, contact the maintainer through a private channel chosen in the repository settings before sharing sensitive details.

Include:

  • affected version or commit
  • operating system and Python version
  • concise reproduction steps
  • expected and actual behavior
  • whether private data, model files, or local paths were exposed

Local deployment guidance

  • Keep the dashboard bound to 127.0.0.1 unless authentication and network controls are added.
  • Keep model weights outside Git history.
  • Keep runtime folders out of Git except for .gitkeep placeholders.
  • Rotate any credential immediately if it is accidentally committed or shared.

There aren't any published security advisories