We provide security updates for the following versions of PrivaStream:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of PrivaStream seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please send an email to privastream.opensource@gmail.com with the following information:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if available)
After you submit a report:
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a detailed response within 7 days indicating next steps
- We will keep you informed of our progress towards fixing the vulnerability
- We may ask for additional information or guidance during our investigation
When using PrivaStream:
- Data Privacy: Ensure processed video/audio data is handled according to your privacy requirements
- Model Security: Only use trusted model files from verified sources
- Network Security: Secure WebRTC connections in production environments
- Access Control: Implement proper authentication for web interfaces
- Updates: Keep dependencies updated to patch known vulnerabilities
This security policy applies to:
- Core PrivaStream application code
- Web interface components
- AI model inference pipelines
- Configuration and deployment scripts
The following are out of scope:
- Third-party dependencies (report to upstream maintainers)
- Issues requiring physical access to the system
- Social engineering attacks
- Issues in development or testing environments
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find any similar problems
- Prepare fixes for supported versions
- Release security patches as soon as possible
- Publish a security advisory on GitHub
We appreciate the security research community's efforts to improve the security of open source projects. Contributors who responsibly disclose security vulnerabilities will be acknowledged in our security advisories (unless they prefer to remain anonymous).