If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public issue.
Instead, use one of these methods:
- GitHub Security Advisories (preferred): Report a vulnerability
- Email: gbaron@gmail.com

Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected component(s): backend, frontend, device firmware
- Potential impact

The following components are in scope:
- Backend: Lambda functions, API Gateway configuration, DynamoDB access patterns
- Frontend: React web application, WebSocket client
- Device firmware: Arduino sketch, WiFi/WebSocket handling

We will acknowledge receipt within 72 hours and aim to provide an initial assessment within one week.