| Version | Supported |
|---|---|
| latest (PyPI) | ✅ |
| older releases | ❌ — please upgrade |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly — do not open a public GitHub issue.
- Email luongnv89@gmail.com with the subject line `[SECURITY] music-cli — <brief description>`
- Include as much detail as possible (see below)
- You will receive an acknowledgment within 48 hours
- Type of vulnerability (e.g., command injection, path traversal)
- Full paths of affected source files
- Location of the affected source code (tag / branch / commit or URL)
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code if possible
- Estimated impact
- Acknowledgment within 48 hours
- Regular progress updates
- Credit in the security advisory (if you wish)
- Notification when the fix is released
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Avoid `shell=True` in subprocess calls unless strictly necessary
- Follow OWASP secure coding guidelines
- Report any security concerns immediately via the process above