Security updates are only applied to the latest minor release on the main branch.
At Stream we are committed to the security of our Software. We appreciate your efforts in disclosing vulnerabilities responsibly and we will make every effort to acknowledge your contributions.
Report security vulnerabilities at the following email address:
Do NOT open a public issue.
A representative of the security team will be in touch if more information is needed.
While we appreciate any information that you are willing to provide, please make sure to include the following:
- Which repository is affected
- Which branch, if relevant
- Be as descriptive as possible, the team will replicate the vulnerability before working on a fix.
Only code in this repository is in scope.
Third-party services (hosted demo, npm registry, etc.) are handled separately.