Skip to content

Security: microboxlabs/modulariot

SECURITY.md

Security Policy

Supported Versions

ModularIoT is under active development and has not yet reached a stable 1.0 release. Security fixes are applied to the latest code on the default branch. We recommend always running the most recent version.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report them privately using GitHub's private vulnerability reporting:

  1. Go to the Security tab of this repository.
  2. Click Report a vulnerability to open a private advisory.

Please include as much of the following as you can:

  • The type of issue (e.g. injection, authentication bypass, data exposure).
  • The affected workspace (quarkus-srv, ecm-srv, turbo-repo, or miot-harness) and file paths or components involved.
  • Steps to reproduce or proof-of-concept.
  • The potential impact, including how an attacker might exploit it.

What to Expect

  • We aim to acknowledge new reports within 5 business days.
  • We will keep you informed as we investigate and work on a fix.
  • We follow a coordinated disclosure process: please give us reasonable time to release a fix before any public disclosure.

Thank you for helping keep ModularIoT and its users safe.

There aren't any published security advisories