ESPConnect is under active development.
Security fixes are applied only to the latest released version available in the main branch.
If you are running an older version, please update before reporting a security issue.
To report a vulnerability, please email thelastoutpostworkshop@gmail.com.
Please include as much information as possible:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions (if known)
- Any proof-of-concept or screenshots (if applicable)
This security policy applies to:
- The ESPConnect web application
- Its interaction with ESP32 devices via WebSerial / USB
- Included tooling such as flashing, backup, restore, and filesystem features
It does not cover:
- Security vulnerabilities in third-party libraries or browser implementations
- Issues caused by modified or unsupported firmware running on the ESP32
We appreciate responsible disclosure and the efforts of security researchers and contributors who help keep ESPConnect safe for everyone.
Thank you for helping improve the security of this project.