home-assistant/supervisor
1
0
Fork 0
mirror of https://github.com/home-assistant/supervisor.git synced 2026-06-18 09:59:51 -05:00
Code Issues Packages Projects Releases 484 Wiki Activity
5,739 Commits 43 Branches 520 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Stefan Agner 1857753e22 Redact app options in info for unprivileged apps (#6953) 
The `/addons/{slug}/info` endpoint returned the target app's user options,
which can contain secrets such as passwords and API keys. The security
middleware grants every role (including the default role) access to any
`/.+/info` path, so an installed app with `hassio_api: true` and the default
role could read another app's options simply by requesting its info.

Redact the options field in info_data() unless the caller is entitled to see
it: Home Assistant Core (and other non-app internals), the app reading its
own info, or an app with the manager or admin role. Other apps reading a
different app's info now receive an empty options dict while all non-secret
metadata stays available for discovery. This mirrors the existing self-only
restriction on the dedicated /options/config endpoint.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 14:54:57 +02:00
.devcontainer
.github
.vscode
rootfs/etc
script
supervisor
Redact app options in info for unprivileged apps (#6953)
2026-06-18 14:54:57 +02:00
tests
Redact app options in info for unprivileged apps (#6953)
2026-06-18 14:54:57 +02:00
wheels
.dockerignore
.gitignore
.hadolint.yaml
.pre-commit-config.yaml
.vcnignore
AGENTS.md
CLAUDE.md
codecov.yaml
Dockerfile
LICENSE
MANIFEST.in
pyproject.toml
README.md
requirements_tests.txt
requirements.txt
Bump sentry-sdk from 2.62.0 to 2.63.0 (#6952)
2026-06-17 10:23:03 +02:00
setup.py
tox.ini

README.md

Home Assistant Supervisor

First private cloud solution for home automation

Home Assistant (former Hass.io) is a container-based system for managing your Home Assistant Core installation and related applications. The system is controlled via Home Assistant which communicates with the Supervisor. The Supervisor provides an API to manage the installation. This includes changing network settings or installing and updating software.

Installation

Installation instructions can be found at https://home-assistant.io/getting-started.

Development

For small changes and bugfixes you can just follow this, but for significant changes open a RFC first. Development instructions can be found here.

Release

Releases are done in 3 stages (channels) with this structure:

  1. Pull requests are merged to the main branch.
  2. A new build is pushed to the dev stage.
  3. Releases are published.
  4. A new build is pushed to the beta stage.
  5. The stable.json file is updated.
  6. The build that was pushed to beta will now be pushed to stable.

Home Assistant - A project from the Open Home Foundation

Reference in New Issue View Git Blame Copy Permalink
Description
🏡 Home Assistant Supervisor
dockerhacktoberfesthome-assistanthome-automationorchestratorpython
Readme Apache-2.0 541 MiB
Releases 484
2025.09.0 Latest
2025-09-05 03:31:12 -05:00
Languages
Python 95.8%
JavaScript 4.1%