Security
This page describes which versions receive security fixes and how to disclose a vulnerability privately.
Supported versions
Security fixes are backported only to the latest release. Older versions are not supported.
| Version | Security fixes |
|---|---|
| Latest release | ✅ Yes |
| Older releases | ❌ No |
Keep this integration up to date by checking for updates in HACS or by following
the GitHub Releases page.
Reporting a vulnerability
Do not open a public GitHub issue for security vulnerabilities.
Public disclosure before a fix is available can put other users at risk.
Please use GitHub Security Advisories to report a vulnerability privately. This ensures the report is visible only to you and the project maintainers until a coordinated fix and disclosure can be prepared.
What to include
- A clear description of the vulnerability and its impact.
- Step-by-step reproduction instructions, including any required configuration.
- Any mitigations or workarounds you have identified.
- The version of the integration you tested against.
Response timeline
| Action | Target time |
|---|---|
| Initial acknowledgement | 72 hours |
| Fix & coordinated disclosure | Best effort — depends on complexity |
You will be credited in the security advisory unless you prefer to remain anonymous.