Security updates are provided for the latest main branch and the latest tagged release.
Please do not open public issues for security vulnerabilities.
Report privately with:
- A clear description of the issue
- Impact and potential attack scenario
- Reproduction steps or proof of concept
- Suggested mitigation (optional)
Contact: open a private security advisory in GitHub Security tab for this repository.
If that is not available, contact the maintainer directly through the repository owner profile.
- Initial acknowledgement: within 5 business days
- Triage decision: within 10 business days
- Fix timeline: depends on severity and complexity
- Vulnerability is reported privately.
- Maintainer confirms and assesses severity.
- Fix is prepared and validated.
- Coordinated disclosure is published with remediation guidance.
This repository is an iOS client and depends on BLE firmware behavior from external ESP32 firmware. Some findings may need coordinated fixes across both repositories.