The following versions of BunkerM are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |

I take the security of BunkerM seriously. If you believe you've found a security vulnerability, please follow these steps:

- Do not disclose the vulnerability publicly until it has been addressed.
- Submit your findings via email to m.idrissi@bunkeriot.com with the subject line "BunkerM Security Vulnerability".
- Include detailed information about the vulnerability:
  - Description of the issue
  - Steps to reproduce
  - Potential impact
  - Version of BunkerM where you discovered the issue
  - Any relevant screenshots or logs
- Initial Response: I aim to acknowledge receipt of your vulnerability report within 48 hours.
- Status Updates: You will receive updates as I work on addressing the vulnerability.
- Resolution Timeframe: My goal is to resolve critical vulnerabilities within 14 days of verification.
- Credit: With your permission, I will credit you for the discovery in the release notes.

BunkerM includes several security features to protect your MQTT broker:

- API Key authentication for all management endpoints
- HTTPS/TLS encryption for the web interface
- Integration with Mosquitto's Dynamic Security for access control
- Configuration options to disable anonymous access