Core

v1.0.2 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 13d Network Security

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs

Topics

alternative blink camera e2ee end-to-end-encrypted end-to-end-encryption

+14 more

home home-security ip-camera local-ai nest pi privacy privacy-tools raspberry raspberrypi ring security security-camera self-hosted

Affected surfaces

auth rbac crypto_tls

ReleasePort's take

Light signal

editorial:auto 11d

Secluso v1.0.2 adds a deploy tool for Raspberry Pi images and migrates MLS encryption to post‑quantum ciphers.

Why it matters: Post‑quantum MLS mitigates harvest‑now decrypt‑later attacks, enhancing long‑term security for encrypted communications.

Summary

AI summary

Secluso OS, Deploy tool, mobile app redesigns (iOS/Android) and post‑quantum MLS encryption are introduced.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Replaces OpenSSL usage in camera hub and updater with Rust code for memory‑safety. Replaces OpenSSL usage in camera hub and updater with Rust code for memory‑safety. Source: llm_adapter@2026-05-23 Confidence: high	—
Security	Medium	Migrates MLS encryption to post‑quantum cipher suite to mitigate harvest‑now decrypt‑later attacks. Migrates MLS encryption to post‑quantum cipher suite to mitigate harvest‑now decrypt‑later attacks. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature
Feature	Medium	Adds Secluso Deploy application for provisioning Raspberry Pi images across MacOS, Linux, Windows. Adds Secluso Deploy application for provisioning Raspberry Pi images across MacOS, Linux, Windows. Source: llm_adapter@2026-05-23 Confidence: high	—
Feature	Medium	Adds custom Secluso OS Yocto image as minimal reproducible Raspberry Pi base. Adds custom Secluso OS Yocto image as minimal reproducible Raspberry Pi base. Source: llm_adapter@2026-05-23 Confidence: high	—
Feature	Medium	Adds updater for camera_hub and server binaries with GPG signature verification. Adds updater for camera_hub and server binaries with GPG signature verification. Source: llm_adapter@2026-05-23 Confidence: high	—
Feature	Medium	Enables code support for multiple mobile clients paired with a single camera (UI not yet added). Enables code support for multiple mobile clients paired with a single camera (UI not yet added). Source: llm_adapter@2026-05-23 Confidence: high	—
Feature	Medium	Makes Firebase Cloud Messaging optional; iOS uses Secluso iOS Notification Relay, Android uses UnifiedPush. Makes Firebase Cloud Messaging optional; iOS uses Secluso iOS Notification Relay, Android uses UnifiedPush. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature	Medium	Redesigns mobile app UI for improved aesthetics. Redesigns mobile app UI for improved aesthetics. Source: llm_adapter@2026-05-23 Confidence: low	—
Bugfix	Medium	Adds additional test cases and various bug fixes for improved functionality. Adds additional test cases and various bug fixes for improved functionality. Source: llm_adapter@2026-05-23 Confidence: low	—
Bugfix	Low	Adds additional test cases and various bug fixes across core, mobile_client, and OS repositories. Adds additional test cases and various bug fixes across core, mobile_client, and OS repositories. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—

Full changelog

Secluso v1.0.2

Full Changelog: https://github.com/secluso/core/compare/v0.1.0...v1.0.2

After 8 months of hard effort, we are now releasing a complete revamp of our entire software stack, as well as the addition of "Secluso OS", "Secluso Deploy", and a complete re-design of our mobile app (and our mobile app is now available on iOS App Store and Google Play Store!). Please see the list of highlights below for a brief overview of these changes. We are excited to finally do this, and look forward to feedback from you all. Please make a GitHub issue for any problems, or email us at [email protected] regarding any concerns. We are happy to help you get set up if you have any questions!

We have also put together a guide helping people get set up with the Secluso Deploy Tool, as well as source hardware to use with this project. Please see here for more information: Build Your Own Guide. This includes a video of how to set up a self-hosted relay and the links to our mobile apps.

Highlights

We have put together a "Secluso Deploy" application, which is completely reproducible, for MacOS, Linux, and Windows, that helps you easily provision an image for your Raspberry Pi, and can configure a self-hosted relay with ease for you. This can be accomplished within 5 minutes with no technical knowledge needed.
We have put together a custom "Secluso OS" image using Yocto, which is a minimal and reproducible Raspberry Pi image that Secluso Deploy uses, which contains our software stack. In future releases, we plan to further minimize this, make the root partition immutable, harden the kernel, as well as many other security improvements, which the regular Raspberry Pi image does not offer.
We have added an updater for our camera_hub and server binaries. It checks for immutable releases and that they are signed by the maintainer GPG keys (and thus, all releases including this one are signed by both John and Ardalan, as seen in the .asc files)
We have made Firebase Cloud Messaging (FCM) completely optional. Now iOS uses a public Secluso iOS Notification Relay, which is more privacy preserving, and we offer UnifiedPush on Android.
The camera hub and updater no longer use OpenSSL. They now use Rust code, which helps avoid memory-safety security issues.
We have migrated to a post-quantum cipher suite for MLS encryption to avoid "harvest now, decrypt later" attacks.
We have completely re-designed the mobile app to look much nicer.
The code in this repository now supports multiple mobile clients being paired with a camera. However, we have not added the interface in the mobile app to support this.

In addition to all of these changes, we have made security improvements, bug fixes and added some test cases to ensure proper functionality. We have also outlined future work in GitHub issues in our core, mobile_client and OS repository on further improvements to be made. We welcome contributors to join us in our mission to provide a truly secure, private and accessible camera to all.

As always, this release is fully reproducible. Please see our README for discussion on how to verify.

Best,
John and Ardalan

Security Fixes

Camera hub and updater migrated from OpenSSL to Rust code to avoid memory‑safety issues
MLS encryption upgraded to a post‑quantum cipher suite to mitigate harvest‑now decrypt‑later attacks
Firebase Cloud Messaging (FCM) made optional; iOS now uses Secluso iOS Notification Relay for privacy

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Core

Get notified when new releases ship.

About Core

All releases →