truecharts / public

Community Helm Chart Repository
https://truecharts.org
GNU Affero General Public License v3.0

zigbee2mqtt - enabling joining by default is not secure #17562

Closed tannisroot closed 10 months ago

tannisroot commented 10 months ago

App Name

zigbee2mqtt

Operating System

TrueNAS SCALE 23.10.1

App Version

1.35.1

Application Events

Not applicable

Application Logs

Not applicable

Application Configuration

image

Describe the bug

By default, the chart is configured to enable joining when it starts, using ZIGBEE2MQTT_CONFIG_PERMIT_JOIN, leaving the network perpetually open to joining, which is extremely insecure as it opens the network to malicious devices. Some users may not realise this, leave the option at its default and not notice anything is wrong. Ideally, the option should be removed altogether, since joining is handled excellently by the zigbee2mqtt GUI.

To Reproduce

  1. Install a zigbee2mqtt chart
  2. See that the ZIGBEE2MQTT_CONFIG_PERMIT_JOIN is enabled by default
  3. Install the chart, open zigbee2mqtt to see that it starts up with joining enabled by default

Expected Behavior

zigbee2mqtt should start up with the network closed for new devices.

Screenshots

Already shared above

Additional Context

None

truecharts-admin commented 1 month ago

This issue is locked to prevent necro-posting on closed issues. Please create a new issue or contact staff on Discord if the problem persists.
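
A deployment check for the condition reported in this issue, added here as an example (it is not TrueCharts or zigbee2mqtt code): it reports whether zigbee2mqtt would start with joining open and which setting caused it. Assumptions: the `ZIGBEE2MQTT_CONFIG_PERMIT_JOIN` environment variable overrides the top-level `permit_join` key in `configuration.yaml`, an unset value means closed, and the sample inputs are constructed.

```python
import re

ENV_KEY = "ZIGBEE2MQTT_CONFIG_PERMIT_JOIN"  # variable named in the issue


def file_permit_join(config_text):
    """Return the top-level permit_join value from configuration.yaml text,
    or None when the key is absent. Indented (nested) keys are ignored."""
    for line in config_text.splitlines():
        match = re.match(r"^permit_join:\s*([^#]*)", line)
        if match:
            return match.group(1).strip().strip("'\"").lower() == "true"
    return None


def audit(env, config_text):
    """Return (open_at_startup, source).

    Assumption: an environment override wins over the file, and a missing
    setting leaves the network closed."""
    if ENV_KEY in env:
        return env[ENV_KEY].strip().lower() == "true", "env:" + ENV_KEY
    from_file = file_permit_join(config_text)
    if from_file is not None:
        return from_file, "configuration.yaml"
    return False, "default"


def finding(env, config_text):
    """One-line result suitable for a CI gate or a pre-deploy hook."""
    is_open, source = audit(env, config_text)
    state = "FAIL: joining open at startup" if is_open else "OK: network closed"
    return f"{state} (from {source})"


if __name__ == "__main__":
    # Constructed sample inputs: the chart default described in the issue,
    # then the same file with the override removed.
    sample_config = "permit_join: false\nmqtt:\n  server: mqtt://broker:1883\n"
    print(finding({ENV_KEY: "true"}, sample_config))
    print(finding({}, sample_config))
```
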