If you discover a security vulnerability in FUXA, please report it privately by email:
Please do not open a public GitHub issue for security vulnerabilities.
We will acknowledge receipt of your report as soon as possible and investigate the issue.
Responsible disclosure helps us fix vulnerabilities before they are publicly disclosed.
FUXA is an industrial SCADA/HMI platform intended to run in trusted environments managed by system administrators.
Certain features such as server-side scripting, automation logic, or device integrations are intentional capabilities of the platform and not considered vulnerabilities when used as designed.
Security reports should focus on unintended access, privilege escalation, authentication bypass, or data exposure.
The latest stable release of FUXA is the only version that receives security updates.
Before reporting a vulnerability, please verify that the issue still exists in the latest version.
Security fixes are released as part of normal version releases.
When appropriate, security-related fixes will be documented in the release notes.
Thank you for helping improve the security of FUXA.