Please do not report security vulnerabilities through public GitHub issues.

Instead, contact the maintainers directly via the MeshCore Canada Discord server: MeshCore Canada Discord — reach out to dedskelly directly. Include as much detail as possible: the nature of the issue, steps to reproduce, and any potential impact.

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 14 days depending on severity.

Once a fix is released we will publish a security advisory on the repository.

Beacon is intended for deployment on trusted internal networks behind a reverse proxy. There is currently no authentication layer. Please bear this in mind when assessing the severity of any findings.