Please do not open a public GitHub issue for security vulnerabilities.
Report security issues privately by either:
- Opening a private security advisory on this repository, or
- Emailing security@roark.ai
Include as much detail as possible: affected versions, reproduction steps, and any proof-of-concept code. We will acknowledge receipt within 2 business days and aim to provide a remediation timeline within 5 business days.
Only the latest minor release on PyPI receives security fixes. Pin to a recent version to stay covered.
This policy covers the pipecat-roark package published from this repository. For vulnerabilities in the Roark Analytics platform itself, please email security@roark.ai directly.