v0.15.4
Security hardening, reliability & code quality
Security
- FCM credentials stored via HA Store API (
.storage/) instead of plaintext files - Password field masked in config flow UI
- Recursive log redaction for sensitive tokens at all nesting levels
- Temp file writes use atomic fd operations (no TOCTOU race)
- CI workflow restricted to
contents: readpermissions
Reliability
- Public
get_access_token()with auto-reauthentication replaces direct private attribute access - Config migration v1→v2 auto-promotes entries with all required fields
- 10-second grace period after FCM listener startup prevents phantom doorbell rings on reload
- Recording cleanup uses portable
hass.config.media_dirsand runs off the event loop
Scripts
extract_credentials.py: fixes PRO environment detection, local Byte variable resolution, Androidstrings.xmlparsing,base_urlderivation fromauth_url
Full changelog: https://github.com/bvis/fermax-blue-hass/blob/main/CHANGELOG.md