Security Policy
Aurora Home is an open-source project. We take security seriously and appreciate responsible disclosure. This page describes how to report vulnerabilities and what you can expect from us.
Last updated: April 2026
Reporting a vulnerability
Please do not open a public GitHub issue for security vulnerabilities. Instead, send a detailed report by email:
security@aurora-home.dev
Please include: a description of the vulnerability, steps to reproduce, potential impact, and any proof-of-concept code if applicable.
Response timeline
Timelines are best-effort. Complex issues may take longer; we will keep you informed throughout the process.
In scope
- aurora-home-esp32 — ESP32 firmware
- aurora-home-app — Web & mobile application
- aurora-home-orange-pi — Orange Pi middleware
- aurora-home-documentation — This documentation site
- aurora-home-marketing — Marketing site
Out of scope
- Third-party libraries (report to their maintainers)
- Denial-of-service attacks
- Social engineering or phishing
- Issues requiring physical access to a device you do not own
Our commitment
We will not take legal action against researchers who act in good faith and follow this policy. We will acknowledge your contribution in the release notes (unless you prefer to remain anonymous).