Skip to content

Security: forgesworn/heartwood-esp32

Security

SECURITY.md

Security policy

Security model

For what the device protects, against which threats, and where the current limits are (notably: physical-access resistance requires secure boot + flash encryption, which are not yet enabled), see docs/SECURITY-MODEL.md.

Reporting a vulnerability

Security issues should be reported via GitHub Security Advisories at this repo. Do not use the public issue tracker for security reports.

You should receive an initial response within 72 hours. Confirmed issues will be prioritised over feature work and released as patch versions.

Supported versions

Only the latest minor release receives security fixes. Pin to a recent version to receive them.

There aren't any published security advisories