PHP Classes

File: SECURITY.md

Role: Auxiliary data
Content type: text/markdown
Description: Auxiliary data
Class: OPC UA Client
Control devices that support the OPC UA protocol
Author: Gianfrancesco Aurecchia
Date: 16 days ago
Size: 1,577 bytes

Security Policy

Supported Versions

| Version | Supported |
|---------|-----------|
| 4.x | Yes |
| 3.x | No |
| 2.x | No |
| 1.x | No |

Reporting a Vulnerability

If you discover a security vulnerability in this library, please report it responsibly.

Do not open a public issue. Instead, send an email to gianfri.aur@gmail.com with:

  • A description of the vulnerability
  • Steps to reproduce
  • The affected version(s)
  • Any potential impact assessment

You should receive an acknowledgment within 48 hours. From there, we'll work together to understand the scope and develop a fix before any public disclosure.

Scope

This policy covers the php-opcua/opcua-client library itself. For vulnerabilities in dependencies or related packages, please report them to the respective maintainers:

Security Considerations

OPC UA is used in industrial environments where security matters. This library implements the full OPC UA security stack (6 security policies, 3 security modes, X.509 certificate authentication). When deploying in production:

  • Use `SecurityPolicy::Basic256Sha256` or stronger
  • Use `SecurityMode::SignAndEncrypt`
  • Provide proper CA-signed certificates (don't rely on auto-generated self-signed certs)
  • Keep PHP and OpenSSL up to date
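
A pre-deployment check for the certificate recommendation above, as an added example that is not part of php-opcua/opcua-client: it flags a client certificate that is self-signed, weakly keyed, SHA-1 signed or expired, using only PHP's OpenSSL extension. `auditClientCert()` is a hypothetical helper, the 2048-bit RSA minimum is an assumption chosen to match the `Basic256Sha256` recommendation, and the certificates are constructed in memory as sample input.

```php
<?php
// Added example; auditClientCert() is a hypothetical helper, not a library API.
declare(strict_types=1);

/** Returns a list of problems; an empty list means the certificate passed. */
function auditClientCert(string $pem): array
{
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        return ['not a parseable X.509 certificate'];
    }
    $problems = [];
    $pub = openssl_pkey_get_public($pem);
    // Self-signed: issuer equals subject and the signature verifies under its own key.
    if ($info['subject'] == $info['issuer'] && openssl_x509_verify($pem, $pub) === 1) {
        $problems[] = 'self-signed (no CA in the chain)';
    }
    $key = openssl_pkey_get_details($pub);
    // Assumed threshold: RSA, 2048 bits or more.
    if ($key['type'] !== OPENSSL_KEYTYPE_RSA || $key['bits'] < 2048) {
        $problems[] = 'RSA key of at least 2048 bits expected';
    }
    if (stripos($info['signatureTypeSN'] ?? '', 'SHA1') !== false) {
        $problems[] = 'signed with SHA-1';
    }
    if ($info['validTo_time_t'] < time()) {
        $problems[] = 'expired';
    }
    return $problems;
}

// Constructed sample input: a throwaway CA and two leaf certificates made in memory.
$newKey = fn() => openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$issue = function (string $cn, $key, $caCert, $caKey): string {
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    // A null CA certificate makes openssl_csr_sign() produce a self-signed certificate.
    $cert = openssl_csr_sign($csr, $caCert, $caKey, 30, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    return $pem;
};
$caKey = $newKey();
$caPem = $issue('Example Test CA', $caKey, null, $caKey);
$leafKey = $newKey();
$selfSigned = $issue('opcua-client-selfsigned', $leafKey, null, $leafKey);
$caSigned = $issue('opcua-client', $leafKey, $caPem, $caKey);

echo 'self-signed: ', json_encode(auditClientCert($selfSigned)), PHP_EOL;
echo 'CA-signed:   ', json_encode(auditClientCert($caSigned)), PHP_EOL;
```

The check only detects self-signing and weak parameters; it does not validate the chain against the trust list the OPC UA server uses.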