Security issue

[manuxio]

Checklist

• I am using the latest version of Alarmo (latest version can be found here)
• I checked for similar existing requests (both open and closed) before posting.

Alarmo Version

1.10.7

HA Version

2025.1

Bug description

Hello,
how should I report what I think is a security issue?

Steps to reproduce

Cannot reproduce, it's a logical issue

Relevant log output

No response

[nielsfaber]

Feel free to share your concerns.

[nielsfaber]

Thanks for letting me know. I took note of your concerns, I will investigate this later. At this point I’m not sure if this can be improved from within alarmo or is related to HA itself. I will get back to you once I found out.

[manuxio]

Thanks for letting me know. I took note of your concerns, I will investigate this later. At this point I’m not sure if this can be improved from within alarmo or is related to HA itself. I will get back to you once I found out.

I am not an HA expert... I am looking at the docs. I think there must be a way to find the user of a post request...
I'll get in touch if I have some info that might help...
Have a good day

[manuxio]

Hello?
Any news on that?
I think I might give it a shot... would you eventually consider some PR?

[nielsfaber]

No news on this.
I have no time available in the upcoming weeks, due to private priorities.
It would be very helpful if you can investigate this yourself and open a PR for a solution.

[manuxio]

No news on this. I have no time available in the upcoming weeks, due to private priorities. It would be very helpful if you can investigate this yourself and open a PR for a solution.

Due to the nature of the issue, I would prefer to use a private PR in order to not publish the details of the issue.
We'll see if time allows...
M.