Ongrid operates infrastructure on your behalf — it has remote execution, reverse-tunnel shell access, and handles model/API credentials. We take security reports seriously and appreciate responsible disclosure.
Security fixes target the latest release. Please reproduce against the newest tagged release before reporting.
Please do not open a public issue for security vulnerabilities.
Use GitHub's private reporting:
Security tab → Report a vulnerability → (Private vulnerability reporting)
This opens a private channel visible only to the maintainers. Include:
- A description of the issue and its impact.
- Steps to reproduce (PoC if possible).
- Affected version / commit.
- Any suggested remediation.

We aim to acknowledge a report within a few business days. We'll work with you on a fix and a coordinated disclosure timeline. With your consent, we're happy to credit you in the release notes.

Thank you for helping keep Ongrid and its users safe.