π Note: iot-dc3 is a distributed Internet of Things (IoT) platform that involves device access, data collection, and command dispatch. Security issues not only affect system operation but may also cause data or control risks. Please pay close attention to security configuration and version updates.
We usually provide security patches and updates only for the mainline versions that are currently actively maintained.
The following table lists the iot-dc3 versions that are currently supported with security updates:
| Version | Supported |
|---|---|
| 2025.9.x | β |
| 2025.6.x | β |
| 2025.x.x | β |
We take security issues very seriously.
If a vulnerability is verified, we will fix it as soon as possible and disclose the fix information in the release notes.
If you find a potential security vulnerability while using iot-dc3, do not disclose it publicly in issues or discussion areas, but report it through the following private channels:
-
Email report:
Send an email to the project maintenance team, and please include the keywordSecurity Vulnerabilityin the subject line. -
Direct message report:
You can directly contact the project maintainers through the private message function on Gitee or GitHub.
To ensure the security and stability of the iot-dc3 platform in production environments, it is recommended to follow these practices:
- β Always use supported versions;
- π« Do not expose core communication ports (such as MQTT, TCP, Modbus gateways) directly to the public network;
- π Use secure authentication mechanisms and enable HTTPS / SSL encryption;
- π Regularly update system dependencies and Docker images;
- 𧩠Only authorize trusted devices and users to access the system;
- π Apply the principle of least privilege and perform access auditing on external interfaces.