The following versions of our software and systems are currently supported for security updates:
| Version | Supported | Notes |
|---|---|---|
5.1.x |
β β | Active development and security patches |
5.0.x |
β β | Deprecated; upgrade strongly recommended |
4.0.x |
β β | Maintenance-only support |
< 4.0 |
β β | No longer maintained |
Security is at the core of everything we build. If you believe you have discovered a security vulnerability, please report it responsibly using the steps below.
Please send all vulnerability disclosures to our dedicated security email:
[email protected]
Alternatively, submit securely via https://pcwprops.com/disclosure (requires login).
Do not publicly disclose issues until we have responded with a resolution or timeline.
You can expect a reply within 72 hours. We commit to the following response workflow:
- π Acknowledgement of the report
- π§ͺ Verification and triage
- π οΈ Fix planning and internal patching
- π£ Disclosure timeline and CVE assignment (if applicable)
We believe in coordinated disclosure and will work with you to release any advisories responsibly.
We actively monitor and maintain the security of all repositories and services related to:
Terraforminfrastructure modulesCloudflarefirewall and DNS configurationsUniFiIdentity SSO, VPN, and Zone Firewall policiesHome Assistantintegrations and APIsWordPressplugin code, templates, and custom themesQuickBooksautomation templates and app integrations- All codebases hosted within the
PCWProps,PCWIntegrates, anddynamicmarching.comorganizations
All systems follow these security practices:
- β Secrets management via 1Password Connect Server
- β
API tokens never stored in code or
.envfiles - β CI/CD audit trails with permission reviews
- β SSH key rotation and access revocation via GitHub SSO
- β Zero Trust policies applied via Cloudflare Gateway & Access
π For developers: see our CONTRIBUTING.md for secure coding practices, or reach out to the DevSecOps lead via Slack or email.
Stay secure,
The PCW Security & DevOps Team