The Cirrus Web Server is behind the Signalling server that is used for Pixel Streaming and provided with Unreal Engine.
The Cirrus Web Server package was recently removed from the registry because it contained malicious code as seen here.
I’m looking to know what the impact of this is on any Pixel Streaming deployments. Is Pixel Streaming safe to use or could this malicious code compromise the use of it? Thanks!
No news about that? … I checked the 4.27 preview 1, to see if they are using a newer version for webrtc and the signalling server, but it was the same. I hope in the 4.27 final version they change it.
I’ve been getting my PixStr sources from Epic’s repo at
They started that repo less than a year ago (sept 2022) and they’ve made more than 50 commits since then, including a few May 12, 2023. So, they’ve had ample time to fix any such problems.
My guess is that ‘cirrus-webserver’ is an unrelated package. NPM has tons of packages, most of which are abandoned and useless, but there’s often name near-misses. Go search for the word ‘cirrus’.