This project is currently developed on the main branch. Security fixes (when applicable) are delivered via normal releases/merges to main.

Please do not open a public GitHub issue for security-sensitive reports.

Best option: use GitHub’s private vulnerability reporting for this repository (Security tab → “Report a vulnerability”). That keeps details out of public search/results while we work on a fix.

If private reporting is not available for you, open a draft pull request with minimal detail and ask maintainers for a private channel to share reproduction steps.

• A clear description of the issue and impact.
• Steps to reproduce (or a proof-of-concept).
• Any logs/screenshots that help validate the issue.
• The environment (Pi OS version, hardware model, and whether MQTT is enabled).

We’ll acknowledge receipt when we can and work toward a fix. Timelines depend on maintainer availability and severity.