The following UnityUtil version branches are currently being supported with security updates.

We take security bugs in this NuGet package seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub "Open a draft security advisory" page.

A contributor will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party assets/packages to the person or team maintaining them. You can also read Unity's security guidelines for reporting vulnerabilities in their software.

If you do not receive an acknowledgement of your report within one week, or if you cannot find a private security contact for the project, you may escalate to the original author directly: dan.vicarel@gmail.com.

If the project acknowledges your report but does not provide any further response or engagement within two weeks, escalation is also appropriate.