We are committed to ensuring the security of the CronoStar integration and Lovelace card. Security patches are provided for the latest major version.
| Version | Supported |
|---|---|
| 1.x.x | Yes |
| < 1.0 | No |
We take all security bugs in CronoStar seriously. Thank you for improving the security of our project. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
To report a security vulnerability, please use the GitHub Security Advisory "Report a Vulnerability" feature. Please do not report security vulnerabilities through public GitHub issues.
You should receive a response within 48 hours. If for some reason you do not, please follow up to ensure we received your original report.
Once a security report is received, the maintainers will:
- Confirm the vulnerability and determine its impact
- Work on a patch to fix the vulnerability
- Prepare for a new release of CronoStar
- Once the new version is released, we will create a security advisory on GitHub to disclose the vulnerability
We will do our best to keep you informed of the progress of our efforts to resolve the security issue.