Please do not open a public issue for a security-sensitive bug.
Report vulnerabilities privately with:
- a concise description of the issue
- affected files or modules
- a realistic impact assessment
- reproduction steps or a proof of concept
- any suggested mitigation
Until a dedicated security contact channel is published, use the repository owner's private contact path and clearly label the message as a security report.
Security-relevant areas in this repository include:
- API key handling
- stream key handling
- container and deployment defaults
- browser capture isolation
- network-facing provider integrations
- shell invocation and FFmpeg command construction