Roku Product Security
Vulnerability Disclosure Process
- Vulnerability reports must be encrypted with the Roku Security Team PGP key located at: roku.com/about/security-team-public-pgp-key
- Please send encrypted vulnerability reports to security@roku.com
- Vulnerability disclosures will be reviewed and acknowledgement of receipt issued within 30 days of submission.
- Periodic status updates on any necessary vulnerability remediation may be issued up to a 90-day period for full mitigation.
Security Update History
Roku Product Software Security Updates
Roku will provide critical software security updates to all Roku streaming players and streambars for at least four (4) years after the model manufacturing ends.
The table below shows current critical software security update periods for Roku devices:
The table below shows current critical software security update periods for Roku devices:
| Device Model | Software Security Updates until at least the date below |
|---|---|
| Roku Express (3960X) | March 2028 |
| Roku Express 4K (3940X, 3940X2) | March 2028 |
| Roku Streaming Stick+ (3810X) | March 2028 |
| Roku Streaming Stick 4K (3820X, 3820X2) | March 2028 |
| Roku Streambar (9102X) | March 2028 |
| Roku Premiere (3920X) | March 2028 |
| Roku Voice Remote (RCA1CA) | March 2028 |