We release patches for security vulnerabilities for the following versions:

If you discover a security vulnerability, please follow these steps:

1. DO NOT open a public issue
2. Email the maintainers privately (check GitHub profile for contact)
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

We will:

• Acknowledge receipt within 48 hours
• Provide a detailed response within 7 days
• Work on a fix and coordinate disclosure
• Credit you in the security advisory (if desired)

When using this integration:

1. Network Security: Ensure your Home Assistant instance is properly secured
2. Updates: Keep the integration updated to the latest version
3. Access Control: Limit network access to your DUCO devices
4. Configuration: Don't share configuration files with sensitive data

This repository uses:

• CodeQL: Automated code security scanning
• Dependency Review: Checks for vulnerable dependencies
• Dependabot: Automated dependency updates

Thank you for helping keep this project secure!