| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability in PanaVista Calendar, please report it responsibly:
- Do NOT open a public issue for security vulnerabilities.
- Email: Open a private security advisory via GitHub Security Advisories.
- Include: A description of the vulnerability, steps to reproduce, and potential impact.
You can expect:
- Acknowledgement within 48 hours
- Status update within 7 days
- Fix or mitigation as soon as practical
PanaVista runs entirely locally within your Home Assistant instance. It does not make external network requests or store data outside your HA installation. Security concerns are primarily related to:
- Input validation in configuration flows
- Frontend XSS prevention
- Safe handling of calendar entity data
- Proper use of Home Assistant authentication and authorization
We follow coordinated disclosure. Please allow reasonable time for a fix before publishing details publicly.