At Stream we are committed to the security of our Software. We appreciate your efforts in disclosing vulnerabilities responsibly and we will make every effort to acknowledge your contributions.

Report security vulnerabilities at the following email address:

[security@getstream.io](mailto:security@getstream.io)

Alternatively it is also possible to open a new issue in the affected repository, tagging it with the security tag.

A team member will acknowledge the vulnerability and will follow-up with more detailed information. A representative of the security team will be in touch if more information is needed.

While we appreciate any information that you are willing to provide, please make sure to include the following:

• Which repository is affected
• Which branch, if relevant
• Be as descriptive as possible, the team will replicate the vulnerability before working on a fix.