October 12, 2018. 12 days into Hacktoberfest and it’s been busier than ever on the repositories. On the main repo, 43 open, 104 closed. How the documentation team is still alive, I don’t know: 26 open, 234 closed. If you’ve opened a contribution that is pending a response, that’s probably because we’re busy elsewhere or are taking some well deserved rest.

Alright, new release, we got some cool stuff! Let’s start with our Lovelace UI. We have integrated into Lovelace UI some of the custom cards that our amazing community have built, making them easily accessible to all users. The cards are Gauge and Sensor:

Next up is a new way to get data into Home Assistant: webhooks. With the introduction of auth and with the introduction of long-lived access tokens, we realized that it’s still annoying to have to give full HA access to an app just to get a piece of information in Home Assistant. So with webhooks we can generate unique URLs that are inprobable to guess, and data delivered to the webhook will only go to the designated automation or component. This feature is available for component developers to integrate, or for users via the new automation webhook trigger.

Configuring IFTTT via th integrations panel.

On the devices side, we got basic support for the new IKEA TRÅDFRI switches, Honeywell evohome controllers (EU-based) and if you want to control your pool, you can now do that with the new AquaLogic integration.

New Platforms

• GitLab-CI sensor integration addition. (@DanielWinks - #16561) (sensor.gitlab_ci docs) (new-platform)
• Add support for Opple light (@jedmeng - #16765) (light.opple docs) (new-platform)
• Add (EU-based) Honeywell evohome CH/DHW controller (@zxdavb - #16427) (evohome docs) (climate.evohome docs) (climate.honeywell docs) (new-platform)
• Add webhook + IFTTT example (@balloob - #16817) (ifttt docs) (webhook docs) (new-platform)
• Add basic support for Tradfri switches (@ggravlingen - #17007) (tradfri docs) (switch.tradfri docs) (new-platform)
• Add AquaLogic component (@swilson - #16763) (aqualogic docs) (sensor.aqualogic docs) (switch.aqualogic docs) (new-platform)
• Overhaul of Blink platform (@fronzbot - #16942) (blink docs) (alarm_control_panel.blink docs) (binary_sensor.blink docs) (camera.blink docs) (sensor.blink docs) (breaking change) (new-platform)
• Tibber component and notify (@Danielhiversen - #17062) (notify docs) (tibber docs) (sensor.tibber docs) (breaking change) (new-platform)
• Add new component fritzbox binary_sensor (@hthiery - #17057) (fritzbox docs) (binary_sensor.fritzbox docs) (new-platform)
• Add a webhook automation trigger (@balloob - #17246) (automation.webhook docs) (beta fix) (new-platform)

Release 0.80.1 - October 15

• Fix automation editor (@armills)
• Fix arm/disarm calls. (@mbrrg - #17381) (alarm_control_panel.spc docs)
• Fix hangout.send_message requiring data key (@quazzie - #17393) (hangouts docs)
• Bugfix eventstream with EOF on end (@pvizeli - #17465) (api docs)
• Fix websocket API (@balloob - #17471) (websocket_api docs)

Release 0.80.2 - October 17

• Lovelace: Fix glance icon not updating
• Fix: Connection pool of Request object is smaller than optimal value (8) (@Anonym-tsk - #17483) (telegram_bot docs)
• Blink update - fixes #17316 (@fronzbot - #17538) (blink docs) (alarm_control_panel.blink docs) (binary_sensor.blink docs) (camera.blink docs) (sensor.blink docs)
• Home Assistant Cloud: Add another 3 days leeway to give time for payment processing times (@balloob - #17542) (cloud docs)

Release 0.80.3 - October 18

• Update hangups to 0.4.6 and fix Issue #16593 hangouts reconnects. (@hobbypunk90 - #17518) (hangouts docs)
• Update to async-upnp-client==0.12.5 (@StevenLooman - #17401) (upnp docs) (media_player.dlna_dmr docs)
• Upgrade async_upnp_client to 0.12.6 (@StevenLooman - #17560) (upnp docs) (media_player.dlna_dmr docs)
• Update snapcast to 2.0.9 (@balloob - #17573) (media_player.snapcast docs)

New Features

• Add faucet, shower, sprinkler, valve to HomeKit (@cdce8p - #17145) (homekit docs) (new-feature)

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

In October there will the Hacktoberfest. To celebrate and support Open Source, DigitalOcean, Twilio and GitHub are again organizing this event. Home Assistant will be part of it like in the last two years.

We would like to focus on those repositories. Browse through the bugs and fix one. This will get you started with contributing to an Open Source project in an easy way:

• Home Assistant Frontend
• Hass.io
• HassOS
• Hass.io CLI

We collected a bunch of entry-level bugs, features and documentation enhancements for two other repositories. Please stick to the open issues for now. We will add more during October:

• Home Assistant Easyfix collection
• Home Assistant Documentation Easyfix collection

If you submit five (5) Pull Requests during October, you will have earned yourself a limited edition Hacktoberfest T-shirt and a place on our credits list if you submit your Pull Requests for Home Assistant! Don’t worry you will be listed there no matter how many Pull Requests you’ve made.

We want to focus on new contributors and people who want to get started on working on an Open Source project.

Are you ready? Sign up for Hacktoberfest!

It’s time for another great release and we’re introducing a brand new feature: device registry. Thanks to @Kane610 for driving this effort. This allows integrations to tell Home Assistant not only about entities, but also which devices the entities represent. It also allows integrations to tell Home Assistant how a device is connected to Home Assistant. For example, a Hue light bulb is connected to Home Assistant via the Hue hub.

Screenshot showing several configured integrations in the configuration panel.

Adding devices to the mix allows us to do a lot of cool things. It allows us to group entities and show how they relate to one another. It will also allow us to inform the user if data leaves the home network and shows the firmware version that the device is running on.

Screenshot showing the devices of the iOS integration.

Devices can only be added by integrations that are configured via the integrations panel in the config panel. So we’ve also been expanding the integrations that support that. This release brings support to iOS, MQTT and Tradfri.

Screenshot showing how to configure MQTT via UI

And this is not all! There is so much more. In an effort to make the quality of an integration more clear, we’ve added an Integration Quality Scale. With this scale we’ll be able to clearly communicate to the user how good an integration is and it gives developers a list on how to improve it. Expect these levels to pop up in the integration list soon.

And did you think we forgot about auth? We did not. @awarecan has added a new multi-factor auth module that will send you a one-time authentication code to finish your login, with a notification service of your choice. PushBullet, Hangouts, iOS app, some obscure custom notification service using a shell script? It’s possible.

Oh, and yes, there is also some cool new integrations. Support has been added for Logi Circle camera’s, GeoJSON events and even a bank. More below 👇

New Platforms

• Add Huawei LTE router platform, device tracker, and sensor (@scop - #16498) (device_tracker docs) (huawei_lte docs) (sensor.huawei_lte docs) (new-platform)
• New EDP re:dy component (@abmantis - #16426) (new-platform)
• Jewish calendar sensor (@tsvi - #16393) (sensor.jewish_calendar docs) (new-platform)
• Added support for Starling Bank (@Dullage - #16522) (sensor.starlingbank docs) (new-platform)
• Add Call Data Log platform. Mailboxes no longer require media (@PhracturedBlue - #16579) (asterisk_mbox docs) (mailbox docs) (mailbox.asterisk_cdr docs) (mailbox.asterisk_mbox docs) (new-platform)
• Add Logi Circle component, camera and sensor platform (@evanjd - #16540) (logi_circle docs) (camera.logi_circle docs) (sensor.logi_circle docs) (new-platform)
• deCONZ cover support (@Kane610 - #16759) (cover docs) (deconz docs) (cover.deconz docs) (new-platform)
• GeoJSON platform (@exxamalte - #16610) (geo_location docs) (new-platform)
• Add linky sensor (@tiste - #16468) (new-platform)

Release 0.79.1 - September 30

• Optimize Ring Sensors platform setup (@awarecan - #16886) (binary_sensor.ring docs) (sensor.ring docs)
• Fix exception during history_stats startup (@amelchio - #16932) (sensor.history_stats docs)
• Override unique_id of NestActivityZoneSensor (@awarecan - #16961) (binary_sensor.nest docs)
• Fix ISY blocking bug (@OverloadUT - #16978) (light.isy994 docs)
• Bump zm-py to 0.0.4 (@rohankapoorcom - #16979) (zoneminder docs)

Release 0.79.2 - October 1

• Fix MQTT certificates (@balloob - #16999) (mqtt docs)
• Fix switch.zoneminder name (@rohankapoorcom - #17026) (switch.zoneminder docs)

Release 0.79.3 - October 2

• Use correct event loop on Windows, fixing SSL and Subprocess requests. (#16737, #17066 - @awarecan, @balloob)

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Today marks the 5th anniversary of Home Assistant. I want to spend this post not only reflecting on the last 5 years, but also look at what is ahead of us, where we want to go, what we want Home Assistant to be.

Home Assistant wasn’t born out of ideology. I built it because I got some smart lights and wanted to script them. I made that script open source and it went from there. As Home Assistant has grown, so has the world around us, and so have I.

A lot of IoT products have been introduced since Home Assistant started. Sadly, the trend in these products is to send all data to the cloud and manage your house from there. I’ve come to realize that it’s not in the big corporations interest to make a product that focuses on privacy and local control. Our data is too useful for them.

I don’t like this trend. I don’t like seeing more and more of our data being hoarded by a few giant companies, centralizing it in a few systems and using it to influence how we’ll be treated online. It’s our lives, our data, and we should be in control. Not some algorithm optimized for engagement.

And so I want to introduce a goal for Home Assistant. A goal that will shape how the platform will evolve in the upcoming years.

It’s time for a new release and oh boy, what a time to be alive! Today marks our 5th (!!!) anniversary. That’s 5 years we’ve been bringing privacy focused and locally controlled home automation to your home. Happy birthday to us.

This release includes two new features for the auth system. The first one is long-lived access tokens. These are tokens that don’t expire and can be used in your scripts instead of API password. Instructions on how to create and use them can be found on your profile.

Also on your profile page is a new list of existing refresh tokens. These are all the tokens that are currently active for your account. If you ran into issues that the remember login dialog didn’t show, you might have a lot. Don’t worry, you can delete them all.

New Platforms

• Add temperature sensors to the velbus component (@Cereal2nd - #16203) (velbus docs) (sensor.velbus docs) (new-platform)
• Add Volkszaehler sensor (@fabaff - #16188) (sensor.volkszaehler docs) (new-platform)
• Switchmate (@Danielhiversen - #15535) (switch.switchmate docs) (new-platform)
• Add support for Habitica (@ASMfreaK - #15744) (habitica docs) (sensor.habitica docs) (new-platform)
• Geo Location component (@exxamalte - #15953) (feedreader docs) (geo_location docs) (new-platform)
• Add Cover to the Insteon component (@teharris1 - #16215) (insteon docs) (cover.insteon docs) (new-platform)
• switchbot (@Danielhiversen - #16396) (switch.switchbot docs) (new-platform)
• Add Yale Smart Alarm component (@domwillcode - #16377) (alarm_control_panel.yale_smart_alarm docs) (new-platform)
• Add OpenTherm Gateway climate platform (@mvn23 - #16299) (climate.opentherm_gw docs) (new-platform)

Release 0.78.1 - September 20

• Updates documentation repo URL in PR template (@frenck - #16537)
• SnmpSensor: Fix async_update (#16679) (@mtdcr - #16716) (sensor.snmp docs)
• Handle chromecast CONNECTION_STATUS_DISCONNECTED event (@awarecan - #16732) (media_player.cast docs)
• Upgrade netdisco to 2.1.0 (@awarecan - #16735)

Release 0.78.2 - September 21

• Fix discovery

Release 0.78.3 - September 22

• Bump gtts-token to 1.1.2 (@edif30 - #16775) (tts docs)

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

It’s time for a great new release and it includes a big change: the new authentication system has been activated! We’ve worked very hard on this for the last couple of months to make the transition as smooth as possible. Updating to this release is a non-breaking change (unless you had no API password configured). As can be seen in the video above, when you start Home Assistant after the update, you will be presented with our new onboarding flow. This will ask you to create a new account after which you will be able to log in to Home Assistant.

Once logged in, you will have access to the following new features:

• Change your password
• Configure multifactor authentication (TOTP)
• Manage other users (limited to account created during onboarding)

Although it’s possible to configure authentication, we strongly recommend to stick with the default authentication configuration. If you had auth providers configured in a previous Home Assistant release, we recommend to remove the configuration and start using the default.

It will take some time before all of the Home Assistant ecosystem has been migrated over to the new auth system. Home Assistant will print a warning whenever an application connects to Home Assistant with the legacy authentication. This will help users notify the application developers to transition to use the new OAuth2 authentication. For non-interactive scripts or other applications that are unable to update, we are planning to introduce a migration path for components to adopt url specific auth tokens and also introduce long lived access tokens to replace API passwords. A list of impacted components can be found here.

Our iOS app will soon be updated to work with the new auth. It’s already in testing. The old app will continue to work with the legacy API password support. It will however require a second login when using the webview.

If you are using a proxy server (NGINX etc) in front of Home Assistant to provide authentication, check this blogpost by @DubhAd how to make it work.

I want to say a biiiig thank you to all the people that have been involved in the development and testing of the new authentication system. It’s been a big project and it’s been great to see how we, as a community, have rallied together to tackle it. Especially a big shout out to @awarecan who has done an amazing job on this.

Hangouts

And that’s not it ! @hobbypunk90 has contributed a new integration for Google Hangouts. You can send messages but can also configure intents to handle incoming messages from specific people. Very cool!

Lovelace

You didn’t think we would forget about Lovelace, did you? This release include a new notification drawer thanks to @jeradM. It will collect all persistent notifications and configurator entities and shows it in a new sidebar toggleable from the toolbar.

New Platforms

• Netatmo public (@colinfrei - #15684) (sensor.netatmo_public docs) (new-platform)
• Add ecovacs component (@OverloadUT - #15520) (ecovacs docs) (vacuum.ecovacs docs) (new-platform)
• Add support for NOAA tide information (new PR) (@jcconnell - #15947) (sensor.noaa_tides docs) (new-platform)
• Hangouts (@hobbypunk90 - #16049) (hangouts docs) (notify docs) (new-platform)

Release 0.77.1 - August 29

• Fix trusted networks login error (@awarecan)
• Fix data_key override by parent class (@syssi - #16278) (binary_sensor.xiaomi_aqara docs)
• Fix error when vacuum is idling (@cnrd - #16282) (vacuum.xiaomi_miio docs)

Release 0.77.2 - August 31

• Correct wemo static device discovery issue. (@lamiskin - #16292) (wemo docs)
• Fix LIFX effects (@amelchio - #16309) (light.lifx docs)
• avoid error in debug log mode and rss entry without title (@exxamalte - #16316) (feedreader docs)
• Fix charts for climate devices (@jeradM)
• Fix header in Lovelace Glance cards (@balloob)
• Fix Profile page on Safari (@balloob)
• Fix redirect to login page on offline server (@balloob)

Release 0.77.3 - September 3

Frontend changes only:

• Ask “save login” after hass connected PR @awarecan
• Show an error when invalid client id or redirect uri PR @balloob
• Disable autocapitalization of username field PR @timmo001
• Upgrade MDI icons PR @balloob
• Update translations

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

This release includes a database migration to allow us to store context in the database. This will make it possible in the future to introduce attribution. For example, we’ll be able to say which user opened the garage door or which automation triggered the party mode at 3am.

The auth system is entering release candidate status 🎉. If nothing major is found, it will be enabled by default starting the next release (0.77) with backwards compatibility modus turned on. If you want to get ahead of the pack, you can already easily enable it now:

homeassistant:
  # add this part
  auth_providers:
   - type: homeassistant
   # uncomment this to enable backwards compatible API password support
   # - type: legacy_api_password

For iOS users, your frontend should be a lot faster. We had an issue that forced us to serve the frontend in compatibility mode, which is slower. We haven’t been able to solve the issue, but found a workaround. Race on 🏎.

Warning. If you are using the internal MQTT broker, we’ve had to make a change how the password is set. In the past it would automatically start the broker with the user homeassistant and a password equal to the API password. This is no longer the case and you need to configure it yourself now:

mqtt:
  password: mypass

New Platforms

• deCONZ - support for power plugs (@Kane610 - #15752) (deconz docs) (light.deconz docs) (switch.deconz docs) (breaking change) (new-platform)
• RitAssist / FleetGO support (@depl0y - #15780) (device_tracker docs) (new-platform)
• Add support for OpenUV binary sensors and sensors (@bachya - #15769) (openuv docs) (binary_sensor.openuv docs) (sensor.openuv docs) (new-platform)
• Add Enphase Envoy component (@jesserizzo - #15081) (sensor.enphase_envoy docs) (new-platform)
• Add media_player.dlna_dmr component (@StevenLooman - #14749) (media_player.dlna_dmr docs) (new-platform)
• Add PJLink media player platform (@benoitlouy - #15083) (media_player.pjlink docs) (new-platform)
• Add RMV public transport sensor (@cgtobi - #15814) (sensor.rmvtransport docs) (new-platform)

New Features

• Add and restore context in recorder (@balloob - #15859) (new-feature)

Release 0.76.1 - August 19

• No longer show “Store login” on each login when using API password (@balloob)
• Add forgiving add column (@balloob - #16057)
• Tuya fix login problem and add login platform param (@huangyupeng - #16058) (tuya docs)
• Add notify platforms to loaded components (@balloob - #16063) (notify docs)
• Column syntax fix + Add a file if migration in progress (@balloob - #16061)

Release 0.76.2 - August 21

• Forgiving add index in migration (@balloob - #16092)
• Fix push notifications toggle (@balloob)

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

And just like that, it’s August. Time is flying by. People all over the world have been busy to create this release for you. This release again a ton of cool new stuff.

First, let’s talk entity IDs. Entity IDs are how we identify entities in automations and scripts. They start with the domain and end with an object id, for example: light.kitchen. Or, if you’re unlucky light.node_2_2_abc. With this release, it will now be possible to manage entity IDs of entities via the UI! Just as with changing the name, it requires that the integration is able to supply a unique ID for each entity.

Screenshot of the new user interface to change entity IDs.

This release also includes a bunch more Tuya integrations thanks to @huangyupeng. And thanks to @peternijssen we’re now also able to talk with Spider thermostats and plugs.

New Platforms

• Add Tuya climate platform (@huangyupeng - #15500) (tuya docs) (climate.tuya docs) (new-platform)
• Add Tuya fan support (@huangyupeng - #15525) (tuya docs) (fan.tuya docs) (new-platform)
• Add Tuya cover and scene platform (@huangyupeng - #15587) (tuya docs) (cover.tuya docs) (scene.tuya docs) (new-platform)
• Add support for Tahoma Smoke Sensor (@fucm - #15441) (tahoma docs) (binary_sensor.tahoma docs) (new-platform)
• Add Brunt Cover Device (@eavanvalkenburg - #15653) (cover.brunt docs) (new-platform)
• Add spider thermostat (@peternijssen - #15499) (climate.spider docs) (new-platform)
• Add spider power plug component (@peternijssen - #15682) (spider docs) (switch.spider docs) (new-platform)
• Add support for P5 FutureNow light platform (@juhaniemi - #15662) (light.futurenow docs) (new-platform)
• Add Magicseaweed API support (@jcconnell - #15132) (sensor.magicseaweed docs) (new-platform)
• Add a component for Sisyphus Kinetic Art Tables (@jkeljo - #14472) (sisyphus docs) (light.sisyphus docs) (media_player.sisyphus docs) (new-platform)
• Add Genie Aladdin Connect cover component (@shoejosh - #15699) (cover.aladdin_connect docs) (new-platform)

Release 0.75.1 - August 4

• Upgrade Adafruit-DHT to 1.3.3 (@superpuffin - #15706) (sensor.dht docs)
• Fix rfxtrx device id matching (@Danielhiversen - #15819) (rfxtrx docs)
• Fix custom panel and Hass.io panel (@balloob)

Release 0.75.2 - August 6

• Upgrade voluptuous to 0.11.5 (@fabaff - #15830)
• Fix envisalink reconnect (@Cinntax - #15832) (envisalink docs)

Release 0.75.3 - August 9

• Fix downgrade hassio cannot get refresh_token issue (@awarecan - #15874) (hassio docs)

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

It’s time for Home Assistant 0.74! 🎉

This week we heard that Guido van Rossum, the founder of Python, is taking a permanent vacation as the leader of Python after being at the helm for almost 30 years. Guido has not been directly involved with Home Assistant. However he created Python and was part of the team that built asyncio, technologies that power the foundation of Home Assistant and what makes us so fast and robust. Under Guido’s guidance, the Python community has grown out to be very friendly and open. A great inspiration for us and other tech communities out there. Thanks for all you have done Guido!

Paulus & Guido at PyCon US 2018

All right, back to Home Assistant. The last release introduced a tech preview of the new user system. The initial preview still required creating users via the command line. In the last two weeks, we’ve worked hard on adding support for an onboarding wizard and a user management interface. A walkthrough of the new features can be found below. Thanks to @awarecan and @jeradM for all their work!

To try it out today, read these instructions. The user system is still in tech preview. We’ve moved fast to get where we are today. The next step is that we need to take a step back and look at the system as a whole to make sure it’s robust and ready for prime time.

We keep seeing great examples of UIs built with Lovelace. Follow us on social media (FB, Twitter) where we will keep sharing great examples.

To help our development and design teams, we’ve also introduced a Lovelace card gallery.

Thanks to @c727, @jeradM and @ciotlosm for leading this effort ❤️

I’m happy to announce that this release introduces support for Tuya thanks to @huangyupeng. Tuya produces cheap cloud-enabled devices that are sold under a wide variety of brand names across the globe, and now they work with Home Assistant too!

New Platforms

• Add Tuya component and switch support (@huangyupeng - #15399) (tuya docs) (switch.tuya docs) (new-platform)
• Add Tuya light platform (@huangyupeng - #15444) (tuya docs) (light.tuya docs) (new-platform)
• Added support for Duke Energy smart meters (@w1ll1am23 - #15165) (new-platform)
• Added Push Camera (@dgomes - #15151) (camera.push docs) (new-platform)
• Add Cloudflare DNS component. (@ludeeus - #15388) (cloudflare docs) (new-platform)
• Add HomematicIP alarm control panel (@mxworm - #15342) (alarm_control_panel docs) (homematicip_cloud docs) (alarm_control_panel.homematicip_cloud docs) (new-platform)

Release 0.74.1 - July 24

• Bugfix HomeKit name and serial_number (@cdce8p - #15600) (homekit docs)
• Use case insensitive comparison for Sonos model check (@amelchio - #15604) (media_player.sonos docs)
• Frontend component should auto load auth coomponent (@awarecan - #15606) (frontend docs)
• Cast/Sonos: create config entry if manually configured (@balloob - #15630) (cast docs) (sonos docs)

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Today we are releasing 0.73.2 to fix a security incident. We’ve discovered that 9 months ago, with the release of Home Assistant 0.56, we misconfigured the SSL context that aiohttp used (PR). By trying to do the right thing (use an up to date cert store instead of relying on the system certs), we ended up doing the complete opposite: SSL verification was disabled for outgoing requests that were done using the shared aiohttp session. This is our fault, and not aiohttp’s faults. The impact of this is that certain integrations in Home Assistant have been susceptible to man in the middle attacks.

A man in the middle attack is when an attacker is able to inject itself between you and the server you’re communicating with, allowing it to read and alter the communication. The odds of this happening at home is very rare, yet we wanted to be transparent about this incident.

After research, the following integrations have been impacted. Although the odds are extremely small, we still suggest that if you use any of these integrations, to create new API keys or change your password.

• climate.sensibo
• cloud (only short lived tokens impacted)
• device_tracker.automatic
• duckdns
• freedns
• google_assistant (manual setup)
• google_domains
• homematicip_cloud
• image_processing.openalpr_cloud
• microsoft_face
• namecheapdns
• no_ip
• notify.flock
• notify.prowl
• rest_command
• scene.lifx_cloud
• switch.rest
• telegram_bot.polling
• tts.voicerss

Also impacted, but integrations are read only:

• sensor.airvisual
• sensor.ebox
• sensor.fido
• sensor.foobot
• sensor.hydroquebec
• sensor.startca
• sensor.teksavvy
• sensor.thethingsnetwork
• sensor.tibber
• sensor.waqi

If you are running Home Assistant on a system with Python 3.4, we’ve created a new release 0.64.4b0 with the patch applied. We have made it available as a beta. To install the pre-release run python3 -m pip install homeassistant==0.64.4b0.