| Version | Supported |
|---|---|
| 1.3.x | ✅ |
| < 1.3 | ❌ |
If you discover a security vulnerability, please:
- Do NOT open a public issue
- Email the maintainers directly or use GitHub's private vulnerability reporting
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
This project runs on Venus OS with access to:
- D-Bus (Victron system control)
- Home Assistant API (if configured)
- Local network (web interface)
- secrets.py: Never commit this file. It contains API tokens and sensitive configuration.
- Network: Run on a trusted local network. The web interface has no authentication.
- SSL: Use HTTPS in production (see
setup_ssl.sh). - Firewall: Consider restricting access to ports 8080 (web) and 9999 (console).
- Web interface has no authentication
- TCP console stream has no encryption
- Designed for trusted home networks only