The following versions of PulseMind are currently supported with security updates:
| Version | Supported | Maintenance Status |
|---|---|---|
| 2.1.x | ✅ | Active development |
| 2.0.x | ✅ | Security patches only |
| 1.2.x | ❌ | End-of-life (no longer supported) |
| < 1.2 | ❌ | End-of-life |
ESP32 Firmware:
- Secure WiFi connection (WPA2)
- GitHub API token encryption
- Data transmission via HTTPS
Web Dashboard:
- Content Security Policy (CSP) implemented
- Data sanitization for all user inputs
- Secure HTTP response headers (HSTS, X-XSS-Protection); note that current browsers ignore X-XSS-Protection, so the CSP is the effective XSS defense
Data Storage:
- GitHub repository with private visibility option
- Base64-encoded data payloads (an encoding for transport only, not a confidentiality measure; anyone with read access to the repository can decode them)
- Access control via personal access tokens
We take security vulnerabilities seriously. If you discover a security issue in PulseMind, please follow this responsible disclosure process:
Initial Report:
- Email security concerns to: [email protected]
- Subject line: "PulseMind Security Vulnerability"
- Include:
  - Detailed description of the vulnerability
  - Steps to reproduce
  - Any proof-of-concept code
  - Suggested fixes (if available)
Response Timeline:
- Acknowledgement within 48 hours
- Initial assessment within 5 business days
- Patch development timeline communicated within 10 business days
Public Disclosure:
- Vulnerabilities will be disclosed publicly after being addressed
- Credit will be given to reporters (unless requested otherwise)
Critical Vulnerabilities:
- Patches released within 72 hours of confirmation
- Automatic version bump and notification
High Severity:
- Patches within 14 days
- Version update in next scheduled release
Medium/Low Severity:
- Addressed in next scheduled release cycle
Hardware Security:
- Change default WiFi credentials before deployment
- Rotate GitHub tokens quarterly
- Use hardware-backed encryption for production deployments (on the ESP32 this means enabling flash encryption and Secure Boot, so the stored GitHub token and WiFi credentials cannot be read off the flash chip)
Software Security:
```cpp
// Always validate sensor readings before trusting them
float readGSR() {
    int raw = analogRead(ADC_PIN);        // ESP32 ADC is 12-bit: valid range 0..4095
    if (raw < 0 || raw > 4095) {
        logError("Invalid sensor reading");
        return NAN;                       // callers must check isnan() before using the value
    }
    // ... rest of processing
}
```
Dashboard Security:
- Require authentication for the web interface (readings are health-related data and must not be viewable anonymously)
- Use HTTPS for all connections
- Regularly audit third-party dependencies
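The dashboard checklist above, the data-storage notes (Base64 payloads fetched from a GitHub repository) and the "XSS in dashboard" entry in the vulnerability table all concern the same code path: decode the payload, validate it, render it. The following is an added example written for this page, not PulseMind's own dashboard code. It assumes a Node.js dashboard server, that readings are stored as a JSON array of `{ts, gsr, device?}` objects, and a `fakeContentsResponse` helper that stands in for a GitHub Contents API response (whose `content` field is Base64 wrapped at 60 columns). The sample readings, including the out-of-range value and the injected `<img>` tag, are constructed for the demonstration.

```javascript
// Added example (not PulseMind project code). Hardens the dashboard path
// "GitHub Contents API response -> decoded readings -> rendered HTML".
// Assumed schema: [{ ts: ISO-8601 UTC string, gsr: number, device?: string }].

// Headers sent with every dashboard response. CSP is the XSS control;
// X-XSS-Protection is deliberately not set because current browsers ignore it.
function securityHeaders() {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; " +
      "frame-ancestors 'none'; connect-src 'self' https://api.github.com",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
  };
}

const GSR_MIN = 0, GSR_MAX = 4095;            // mirrors the firmware's 12-bit ADC check
const ISO_TS = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/;
const ALLOWED_KEYS = new Set(["ts", "gsr", "device"]);

// Allow-list validation of one reading: unknown keys, bad timestamps, non-finite
// or out-of-range values and oversized device labels are all rejected.
function validReading(r) {
  if (r === null || typeof r !== "object" || Array.isArray(r)) return false;
  if (!Object.keys(r).every((k) => ALLOWED_KEYS.has(k))) return false;
  if (typeof r.ts !== "string" || !ISO_TS.test(r.ts)) return false;
  if (typeof r.gsr !== "number" || !Number.isFinite(r.gsr)) return false;
  if (r.gsr < GSR_MIN || r.gsr > GSR_MAX) return false;
  if ("device" in r && !(typeof r.device === "string" && r.device.length <= 32)) return false;
  return true;
}

// Decode a Contents API response. Base64 is only an encoding, so the decoded
// JSON is untrusted input and every reading goes through validReading().
function decodePayload(apiResponse) {
  if (apiResponse.encoding !== "base64" || typeof apiResponse.content !== "string") {
    throw new Error("unexpected Contents API encoding");
  }
  const json = Buffer.from(apiResponse.content.replace(/\s+/g, ""), "base64").toString("utf8");
  const parsed = JSON.parse(json);
  if (!Array.isArray(parsed)) throw new Error("payload is not an array of readings");
  const accepted = [], rejected = [];
  for (const r of parsed) (validReading(r) ? accepted : rejected).push(r);
  return { accepted, rejected };
}

// Output encoding for HTML text content and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Vulnerable pattern: validated data is still interpolated raw into markup.
function renderRowsUnsafe(readings) {
  return readings.map((r) => `<tr><td>${r.ts}</td><td>${r.gsr}</td><td>${r.device ?? ""}</td></tr>`).join("\n");
}

// Hardened form: validation bounds the data, encoding neutralises what remains.
function renderRows(readings) {
  return readings.map((r) =>
    `<tr><td>${escapeHtml(r.ts)}</td><td>${escapeHtml(r.gsr)}</td><td>${escapeHtml(r.device ?? "")}</td></tr>`
  ).join("\n");
}

// Constructed sample data (not real PulseMind output).
const SAMPLE_READINGS = [
  { ts: "2024-05-01T10:00:00Z", gsr: 1834 },
  { ts: "2024-05-01T10:00:05Z", gsr: 1849, device: "wrist-01" },
  { ts: "2024-05-01T10:00:10Z", gsr: 70000 },                                  // out of ADC range
  { ts: "not-a-timestamp", gsr: 1850 },                                        // bad timestamp
  { ts: "2024-05-01T10:00:15Z", gsr: 1851, device: "<img src=x onerror=alert(1)>" }, // passes length check
];

// Constructed stand-in for a GitHub Contents API response body.
function fakeContentsResponse(readings) {
  const b64 = Buffer.from(JSON.stringify(readings), "utf8").toString("base64");
  return { encoding: "base64", content: b64.replace(/(.{60})/g, "$1\n") };
}

function demo() {
  const { accepted, rejected } = decodePayload(fakeContentsResponse(SAMPLE_READINGS));
  console.log(`accepted ${accepted.length}, rejected ${rejected.length}`);
  console.log(renderRows(accepted));
  return { accepted, rejected, html: renderRows(accepted), unsafe: renderRowsUnsafe(accepted) };
}
```

Run with `node` and compare the two render functions: the `device` label passes the allow-list (it is a string under 32 characters), so only the escaping in `renderRows` prevents the injected tag from reaching the browser. Validation and output encoding are separate layers; the CSP from `securityHeaders()` is the third, for the case where both are bypassed.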
| Vulnerability | Affected Versions | Patched In | Severity |
|---|---|---|---|
| Plaintext token storage | < 2.0.0 | 2.0.1 | High |
| Missing data validation | < 1.2.3 | 1.2.4 | Medium |
| XSS in dashboard | 2.0.0-2.0.3 | 2.0.4 | Critical |
Subscribe to our security announcements by watching the GitHub repository. All security releases will be tagged with [SECURITY] in the release notes.
For additional security guidance specific to your deployment scenario, please contact our security team at [email protected].