Security

Reporting vulnerabilities

Vulnerabilities can be reported privately by using the Security Advisory feature of GitHub.

Binaries

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify the binaries' checksums by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check
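
The pipeline above only checks the files for which grep found a line in checksums.sha256, so a downloaded file with no entry is not checked at all. The following is an added example, not part of the mediamtx project; it goes one step further by requiring exactly one entry per mediamtx_* file, and the function name verify_release is hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own tooling. verify_release is a
# hypothetical helper name.
# Usage: verify_release DIR
# Checks every mediamtx_* file in DIR against DIR/checksums.sha256 and fails
# when a file is unlisted, listed more than once, or has a different digest.
verify_release() {
    dir=$1
    sums="$dir/checksums.sha256"
    [ -f "$sums" ] || { echo "missing $sums" >&2; return 2; }
    found=0
    for path in "$dir"/mediamtx_*; do
        [ -f "$path" ] || continue      # glob matched nothing
        found=1
        name=$(basename "$path")
        # Match the file name field exactly (no regex, no substring match).
        # sha256sum marks binary mode with a leading '*' on the name.
        expected=$(awk -v n="$name" \
            '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$sums")
        count=$(printf '%s\n' "$expected" | awk 'NF { c++ } END { print c + 0 }')
        if [ "$count" -ne 1 ]; then
            echo "FAIL $name: $count entries in checksums.sha256" >&2
            return 1
        fi
        actual=$(sha256sum "$path" | awk '{ print $1 }')
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $name: digest mismatch" >&2
            return 1
        fi
        echo "OK   $name"
    done
    [ "$found" -eq 1 ] || { echo "no mediamtx_* files in $dir" >&2; return 2; }
}
```

A matching checksum only shows that a file agrees with checksums.sha256; the attestation check is what ties the file to the Release workflow.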