We actively support the latest major version of this integration. Security updates are provided for:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in this Home Assistant integration, please report it responsibly:
- DO NOT create a public GitHub issue
- Email the maintainers directly at: [[email protected]]
- Include the following information:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Response Time: We will acknowledge your report within 48 hours
- Investigation: We will investigate and validate the vulnerability within 5 business days
- Resolution: Critical vulnerabilities will be patched within 7 days, others within 30 days
- Disclosure: We will coordinate responsible disclosure after the fix is available
When using this integration:
- Keep Updated: Always use the latest version
- Sensor Access: Only grant access to necessary sensors
- Network Security: Ensure your Home Assistant instance is properly secured
- Regular Audits: Review which sensors the integration has access to
- This integration reads sensor data from your Home Assistant instance
- No external network connections are made
- All processing is done locally
- No sensitive data is transmitted or stored externally
Security updates will be:
- Released as patch versions (e.g., 1.0.1 → 1.0.2)
- Documented in the CHANGELOG.md
- Announced in GitHub releases
- Tagged with "security" label
- Input validation for all sensor data
- Safe error handling to prevent information disclosure
- No storage of sensitive information
- Local processing only (no cloud dependencies)
Note: Replace [[email protected]] with your actual contact email before publishing.