# Security Policy

## Reporting a Vulnerability

Security is very important to us.

If you have discovered a security issue, please contact miroslav.pejic.85@gmail.com directly. Please refrain from directly creating a GitHub issue and publicly disclosing the vulnerability.
We prefer a Coordinated Vulnerability Disclosure (CVD) to properly understand and fix the root cause problem.

Your report should include:

- Product version ([GitHub](https://github.com/miroslavpejic85/mirotalksfu/commits/main) commit hash or [DockerHub](https://hub.docker.com/r/mirotalk/sfu) sha256 digest hash)
- The affected component if possible (RoomClient.js, Server.js, etc.)
- A vulnerability description
- Reproduction steps

A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
The fix will be applied to the master branch, tested, and packaged in the next security release.

Thanks in advance for your support to make our products safer!

---

## 🙏 Acknowledgements

We would like to extend our gratitude to the following individuals for their responsible disclosure of security vulnerabilities:

| Name                   | Contact                                                                       |
| ---------------------- | ----------------------------------------------------------------------------- |
| `Hendrik Siewert`      | hendrik.siewert@upb.de                                                        |
| `Caio Fook`            | https://github.com/caiofook                                                   |
| `Nishant Jain`         | https://twitter.com/realArcherL                                               |
| `Florian LELEU`        | https://hosting.cognix-systems.com                                            |
| `Nozomu Sasaki (Paul)` | https://github.com/morimori-dev \| https://www.linkedin.com/in/nozomu-sasaki/ |

Their dedication to security has contributed to the continuous improvement of our systems, ensuring the safety and privacy of our users and data.