Until the first stable release, security fixes are applied only to the latest code on develop and the most recent pre-release.

Do not open a public issue for a suspected vulnerability. Use GitHub's private vulnerability reporting feature under the repository's Security tab. If that feature is unavailable, contact the repository owner privately through their GitHub profile.

Include the affected component, reproduction steps, impact, and any suggested mitigation. Remove tokens, network addresses, KNX installation details, and other personal data from the report. You can expect acknowledgement within seven days. We will coordinate disclosure after a fix is available.

Never test a report against systems or KNX installations you do not own or have explicit permission to assess.