Security updates are applied to the latest release on the main branch. If you are using an older release, please upgrade to the newest version before reporting issues.

Please report security issues privately so we can investigate and address them responsibly.

Preferred contact:

• GitHub Security Advisories: https://github.com/RageAgainstThePixel/unity-cli/security/advisories

If you cannot use GitHub Security Advisories, open a minimal issue and request a private channel; do not include sensitive details in public issues.

When reporting, please include:

• A clear description of the issue and impact
• Steps to reproduce (proof-of-concept or minimal example)
• Affected versions, if known
• Any relevant logs or configuration details (redact secrets)

We follow responsible disclosure practices:

• We will acknowledge receipt of your report within 5 business days
• We will work on a fix and coordinate a release
• We will credit reporters who want acknowledgment

The following are generally out of scope:

• Issues in outdated or unsupported versions
• Social engineering or physical attacks
• Denial of service issues that require unreasonable traffic volumes
• Vulnerabilities in dependencies without a direct impact on this project

Security releases will be published through GitHub Releases and, when appropriate, GitHub Security Advisories.