ModularIoT is under active development and has not yet reached a stable 1.0 release. Security fixes are applied to the latest code on the default branch. We recommend always running the most recent version.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately using GitHub's private vulnerability reporting:
- Go to the Security tab of this repository.
- Click Report a vulnerability to open a private advisory.
Please include as much of the following as you can:
- The type of issue (e.g. injection, authentication bypass, data exposure).
- The affected workspace (quarkus-srv, ecm-srv, turbo-repo, or miot-harness) and file paths or components involved.
- Steps to reproduce or proof-of-concept.
- The potential impact, including how an attacker might exploit it.
- We aim to acknowledge new reports within 5 business days.
- We will keep you informed as we investigate and work on a fix.
- We follow a coordinated disclosure process: please give us reasonable time to release a fix before any public disclosure.
Thank you for helping keep ModularIoT and its users safe.