If you discover a security issue, we strongly encourage you to report it responsibly and privately.
Please send all vulnerability reports to:
Alternatively, you may open a private security advisory through the project’s GitHub repository:
https://github.com/sszczep/homeassistant-grenton/security/advisories
Please do not publicly disclose the vulnerability before we have confirmed and addressed it.
Early disclosure may put existing users at risk.
Once a vulnerability is confirmed:
- We assign a severity rating (Low / Medium / High / Critical)
- We begin patch development for firmware, or documentation
- We prepare a coordinated disclosure timeline with you
- A fix is published along with a security advisory
- Credits are provided to reporters (optional and only with consent)
To help us investigate efficiently, please include:
- Description of the vulnerability
- Steps to reproduce
- Affected firmware version
- Expected behavior vs actual behavior
- Impact assessment (if known)
- Any proof-of-concept code, test scripts
We appreciate the work of security researchers and users who help improve the safety of the project.
Responsible disclosure ensures the project remains reliable in industrial and automation environments.