Security: HoleInWater/Mistborn

SECURITY.md

Security Policy

Supported Versions

We take security seriously. The following versions of this project are currently supported with security updates:

Version Supported
1.0.x
0.9.x

Reporting a Vulnerability

If you discover a security vulnerability within this project, please follow responsible disclosure practices:

How to Report

  1. DO NOT create a public GitHub issue for security vulnerabilities
  2. Send a detailed report to the project maintainers via their preferred contact method
  3. Include the following information:
    • Type of vulnerability
    • Full paths of source file(s) related to the vulnerability
    • Location of the affected source code (tag/branch/commit or direct URL)
    • Step-by-step instructions to reproduce the issue
    • Proof-of-concept or exploit code (if possible)
    • Impact assessment and potential attack scenarios

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours
  • Initial Response: A member of the security team will respond within 7 days
  • Status Updates: We will provide updates on the vulnerability status at least every 7 days until resolution
  • Resolution: We will work to develop and release a fix as quickly as possible, depending on complexity

Scope

The following security concerns are in scope:

  • Authentication and authorization bypasses
  • Data exposure or leakage
  • Remote code execution vulnerabilities
  • Injection attacks (SQL, XSS, Command Injection, etc.)
  • Cryptographic weaknesses
  • Dependency vulnerabilities
  • Unity-specific security concerns

Out of Scope

  • Denial of Service attacks that require significant resources
  • Social engineering attacks
  • Physical security issues
  • Vulnerabilities in third-party services or dependencies not maintained by this project

Security Updates

Security updates will be released as patch versions and announced through the project's release notes. We encourage all users to keep their installations up to date.

Acknowledgments

We would like to thank all security researchers and community members who help keep this project safe. Contributors who report valid security issues will be acknowledged (unless anonymity is requested) in our security advisory and release notes.

There aren’t any published security advisories