| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |

If you discover a security vulnerability in TeslaSync, please report it responsibly.

DO NOT open a public GitHub issue for security vulnerabilities.

Instead, please:

- Email: security@ev-dev-labs.github.io (or use GitHub's private vulnerability reporting)
- Use GitHub Security Advisories to report privately

Include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:

- Acknowledgment: Within 48 hours
- Assessment: Within 7 days
- Fix: Depending on severity, typically within 30 days
- Disclosure: Coordinated with reporter after fix is released

When deploying TeslaSync:

- Always use TLS in production (reverse proxy with HTTPS)
- Change all default passwords (PostgreSQL, Grafana, Redis)
- Set a strong `TESLA_CLIENT_SECRET`
- Restrict network access to management ports (8080, 5432, 6379)
- Keep Docker images updated (Dependabot handles this automatically)
- Review Trivy scan results in the Security tab