Security updates are provided for the latest release version of evcc.
| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
To report a security vulnerability:
- DO NOT create a public GitHub issue
- Send details to the maintainers:
- via E-Mail: [email protected]
- via Slack: https://evcc.io/slack (DM to
andig,naltatisorpremultiply) - via GitHub Security Advisory: https://github.com/evcc-io/evcc/security/advisories/new
Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
We are an open source project and not full-time maintainers. While we take security seriously and will do our best to respond quickly, we cannot guarantee specific response times.
- We aim to acknowledge reports as soon as possible
- Updates will be provided as we investigate
- Resolution time depends on severity and complexity
In scope:
- evcc core application
- official Docker images
- configuration security
- API endpoints
Out of scope:
- third-party integrations (e.g. Home Assistant Addon)
- user configurations
- hardware devices