If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue
- Email the maintainers or use GitHub Security Advisories
- Include steps to reproduce and potential impact

We will respond within 48 hours and work with you on a fix.

| Version | Supported |
|---|---|
| 0.1.x | Yes |

- Phone numbers: call-use validates and blocks premium-rate (900/976) and Caribbean numbers
- API keys: Never commit `.env` files. Use `.env.example` as a template
- Call recordings: Transcripts may contain PII. Handle logs in `~/.call-use/logs/` accordingly
- SIP trunk: Secure your Twilio SIP trunk credentials
- Caller ID: v0.1 only validates caller ID format (E.164). It does NOT verify ownership. Spoofing is possible. Caller ID verification (via Twilio Lookup API) is planned for v0.2.
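
The two number checks listed above (destination blocking and caller ID format validation), sketched as an added example that is not call-use's own code. The function names, the area-code list and the reading of 976 as either an area code or an exchange are assumptions.

```python
import re

# E.164: "+" then 2 to 15 digits, first digit non-zero.
E164_RE = re.compile(r"\+[1-9]\d{1,14}")

# Assumption: "premium-rate (900/976)" is matched as NANP area code or exchange.
PREMIUM_CODES = {"900", "976"}

# Assumption: NANP area codes commonly grouped as Caribbean
# (illustrative list, not taken from call-use).
CARIBBEAN_AREA_CODES = {
    "242", "246", "264", "268", "284", "340", "345", "473", "649", "658",
    "664", "721", "758", "767", "784", "787", "809", "829", "849", "868",
    "869", "876", "939",
}


def check_destination(number: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a destination number."""
    if not E164_RE.fullmatch(number):
        return False, "not E.164"
    if not number.startswith("+1"):
        return True, "ok"  # non-NANP numbers are outside these two rules
    national = number[2:]
    if len(national) != 10:
        return False, "bad NANP length"
    area, exchange = national[:3], national[3:6]
    if area in PREMIUM_CODES or exchange in PREMIUM_CODES:
        return False, "premium-rate"
    if area in CARIBBEAN_AREA_CODES:
        return False, "caribbean"
    return True, "ok"


def caller_id_format_ok(caller_id: str) -> bool:
    """Format check only: a well-formed number proves nothing about ownership."""
    return E164_RE.fullmatch(caller_id) is not None
```

Any well-formed E.164 string passes `caller_id_format_ok`, which is why a format check alone cannot rule out spoofing.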