We're extremely grateful to those who report vulnerabilities to the OpenReplay Community. All security issues should be directly addressed to us at security@openreplay.com with the necessary details. Don't hesitate to submit potential vulnerabilities you discovered in OpenReplay, or in any of its dependencies. If also better to do so even if you're not sure how the issue affects OpenReplay.
Every report is thoroughly investigated by our community volunteers and the OpenReplay team. You will receive a response from us within 3 working days. If the issue is confirmed, we will release a patch as soon as we can depending on the mitigation complexity. We will you keep you updated during the entirety of the process. The bug will be publicly disclosed right after the solution is available and well tested.