Security
Security
Reporting Vulnerabilities
If you discover a security vulnerability in OpenCloudTouch, please report it responsibly:
- Preferred: GitHub Private Vulnerability Reporting
- Email: security@opencloudtouch.org
Caution
Do NOT create public GitHub issues for security vulnerabilities. Use the private channels above.
What Happens Next
- Your report will be acknowledged within 48 hours
- A fix will be developed privately
- A security advisory will be published after the fix is released
- You will be credited (unless you prefer otherwise)
Scope
OpenCloudTouch runs on your local network. The primary attack surface is:
- REST API (port 7777)
- SSDP/mDNS multicast listeners
We take all reports seriously, even for local-network-only services.
Last updated on