Skip to content

Security: victron-venus/inverter-control

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.3.x
< 1.3

Reporting a Vulnerability

If you discover a security vulnerability, please:

  1. Do NOT open a public issue
  2. Email the maintainers directly or use GitHub's private vulnerability reporting
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Security Considerations

This project runs on Venus OS with access to:

  • D-Bus (Victron system control)
  • Home Assistant API (if configured)
  • Local network (web interface)

Recommendations

  1. secrets.py: Never commit this file. It contains API tokens and sensitive configuration.
  2. Network: Run on a trusted local network. The web interface has no authentication.
  3. SSL: Use HTTPS in production (see setup_ssl.sh).
  4. Firewall: Consider restricting access to ports 8080 (web) and 9999 (console).

Known Limitations

  • Web interface has no authentication
  • TCP console stream has no encryption
  • Designed for trusted home networks only

There aren't any published security advisories