Roku Product Security
Vulnerability Disclosure Process
Roku is committed to providing a secure and trusted platform for our users. We value security researchers and others who keep a watchful eye and responsibly disclose any security issues. If you identify a security vulnerability in a Roku product or service, we ask that you please disclose the issue to us via our Vulnerability Disclosure Program (VDP) powered by BugCrowd. The VDP submission form is below:
Security Update History
Roku Product Software Security Updates
Roku will provide critical software security updates to all Roku streaming players and streambars for at least four (4) years after the model manufacturing ends.
The table below shows current critical software security update periods for Roku devices:
The table below shows current critical software security update periods for Roku devices:
| Device Model | Software Security Updates until at least the date below |
|---|---|
| Roku Streaming Stick (3840X) | June 2029 |
| Roku Streaming Stick Plus (3830X, 3830X2) | June 2029 |
| Roku Express (3960X) | March 2028 |
| Roku Express 4K (3940X, 3940X2) | March 2028 |
| Roku Streaming Stick+ (3810X) | March 2028 |
| Roku Streaming Stick 4K (3820X, 3820X2) | March 2028 |
| Roku Streambar (9102X) | March 2028 |
| Roku Premiere (3920X) | March 2028 |
| Roku Voice Remote (RCA1CA) | March 2028 |