We strive to keep the latest version of this project secure. Older versions do not receive security updates.

We appreciate your support in keeping this project secure. If you discover a vulnerability, please follow these steps:

1. Report the issue privately:

• Send an email with a detailed description of the vulnerability, steps to reproduce it, and in the best case a possible solutions.

2. Expect a response

• I aim to respond to reports within 72 hours.
• In my response, I will confirm whether we have validated the vulnerability and provide details on how we plan to address it.

3. Disclosure:

• I prefer coordinated disclosure. Please allow me at least 90 days to fix the vulnerability before making it public.

This project addresses vulnerabilities in the following areas:

• Code flaws that could lead to malicious code execution.
• Communication vulnerabilities (e.g., insecure protocols).

Not covered:

• General bugs or feature requests (please report these as GitHub Issues).
• Vulnerabilities in dependencies not directly included in our codebase.
• Vulnerabilites regarding WLED, please contact the developer Team behind WLED regarding issues with their code.

We recognize security researchers who help us address vulnerabilities. If you report a vulnerability, we will (with your consent) mention you in the project release notes.