EdgeSieve is currently early-stage software. Security fixes are applied to the main branch until versioned releases are introduced.

Please report vulnerabilities privately with GitHub Security Advisories for this repository. Do not open a public issue for sensitive reports.

Helpful reports include:

• A short description of the issue.
• Steps to reproduce.
• Impact and affected configuration.
• Any relevant logs with UUIDs, tokens, subscription YAML, and IP addresses redacted.

• Treat generated subscription YAML as secret material.
• By default the service stores a generated admin token in DATA_DIR/admin-token (/data/admin-token in Docker). If ADMIN_TOKEN is set manually, use a strong random value.
• Admin APIs accept Authorization: Bearer or the login cookie only; do not put admin tokens in URLs.
• Keep the default Compose port mapping bound to 127.0.0.1 unless the app is behind trusted reverse-proxy authentication.
• The default Compose deployment does not mount the Docker socket. Web UI one-click updates download the edge-sieve binary from GitHub Releases into /data/runtime/releases/<version>-*/edge-sieve; the in-container supervisor starts it only when the update state, container identity, version, and /healthz check match, so protect the admin token and allow only trusted administrators to trigger updates.
• Use a high-entropy subscription token before exposing /sub.yaml outside a trusted network.
• Do not paste real UUIDs, tokens, or generated subscriptions into public issues.