|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Supported Versions |
| 4 | + |
| 5 | +Only the latest released version of AimDB receives security fixes. |
| 6 | + |
| 7 | +| Version | Supported | |
| 8 | +| ------- | ------------------ | |
| 9 | +| 1.x | :white_check_mark: | |
| 10 | +| < 1.0 | :x: | |
| 11 | + |
| 12 | +## Reporting a Vulnerability |
| 13 | + |
| 14 | +**Please do not report security vulnerabilities through public GitHub issues.** |
| 15 | + |
| 16 | +Report vulnerabilities privately using |
| 17 | +[GitHub's private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) |
| 18 | +via the **"Report a vulnerability"** button on the [Security tab](../../security/advisories/new) of this repository. |
| 19 | + |
| 20 | +Include as much of the following as possible: |
| 21 | + |
| 22 | +- Description of the vulnerability and its potential impact |
| 23 | +- Affected component (e.g., `aimdb-core`, `aimdb-mqtt-connector`, `aimdb-mcp`) |
| 24 | +- Steps to reproduce or proof-of-concept |
| 25 | +- Suggested fix or mitigation, if you have one |
| 26 | + |
| 27 | +## Response Timeline |
| 28 | + |
| 29 | +| Milestone | Target | |
| 30 | +| -------------------------------- | ------------- | |
| 31 | +| Initial acknowledgement | Within 48 h | |
| 32 | +| Confirmed / triaged | Within 7 days | |
| 33 | +| Fix released (critical severity) | Within 14 days | |
| 34 | +| Fix released (other severity) | Within 30 days | |
| 35 | + |
| 36 | +We will keep you informed of progress throughout the process. |
| 37 | + |
| 38 | +## Disclosure Policy |
| 39 | + |
| 40 | +We follow coordinated disclosure: |
| 41 | + |
| 42 | +1. Reporter submits the vulnerability privately. |
| 43 | +2. We confirm, triage, and develop a fix. |
| 44 | +3. A patched release is published. |
| 45 | +4. A GitHub Security Advisory is published after the fix is available. |
| 46 | +5. Reporter is credited in the advisory unless they prefer to remain anonymous. |
| 47 | + |
| 48 | +## Scope |
| 49 | + |
| 50 | +### In scope |
| 51 | + |
| 52 | +- Memory safety or logic errors in `aimdb-core` |
| 53 | +- Authentication or authorization bypass in any connector (MQTT, KNX, WebSocket) |
| 54 | +- Prompt injection or data exfiltration via the MCP server (`aimdb-mcp`) |
| 55 | +- Denial-of-service vulnerabilities in network-facing components |
| 56 | +- Dependency vulnerabilities with a direct exploit path in AimDB |
| 57 | + |
| 58 | +### Out of scope |
| 59 | + |
| 60 | +- Vulnerabilities in third-party dependencies without a direct exploit path |
| 61 | +- Issues requiring physical access to a device running AimDB |
| 62 | +- Social engineering or phishing |
| 63 | +- Theoretical vulnerabilities without a proof of concept |
| 64 | + |
| 65 | +## Security Considerations for Users |
| 66 | + |
| 67 | +AimDB is designed for use in trusted environments (MCU → edge → cloud). A few |
| 68 | +recommendations: |
| 69 | + |
| 70 | +- **MQTT**: Enable TLS and use strong credentials in production deployments. |
| 71 | +- **KNX**: Restrict network access to trusted KNX/IP segments. |
| 72 | +- **MCP server**: Only expose the Unix socket to trusted local processes. |
| 73 | +- **WebSocket connector**: Always run behind a TLS-terminating reverse proxy in |
| 74 | + production. |
| 75 | +- Keep AimDB and its dependencies up to date. Run `cargo audit` regularly to |
| 76 | + check for known advisories in the dependency tree. |
0 commit comments