Currently, the main branch is the only officially supported line of code for security updates.

As this system interacts with live EV charging hardware and users' billing infrastructure, we take security very seriously.

If you discover a security vulnerability within this project, please DO NOT open a public issue.

Instead, please send an e-mail to our security team at savekarev@gmail.com. We will strive to acknowledge your report within 48 hours and we will track the responsible disclosure process with you.

Please include the following in your report:

• Type of issue (e.g. cross-site scripting, SQL injection, OCPP protocol bypass).
• Full paths of source files related to the manifestation of the issue.
• The location of the affected source code (tag/branch/commit or direct URL).
• Any special configuration required to reproduce the issue.
• Step-by-step instructions to reproduce the issue.
• Proof-of-concept or exploit code (if possible).
• Impact of the issue, including how an attacker might exploit the issue.