Before the first public release, security fixes target main. After tagged releases exist, the latest release line and main are supported unless a release note says otherwise.
Use GitHub private vulnerability reporting for this repository when available. If private reporting is not available, contact the maintainer through GitHub at @ThatNerdChris and ask for a private disclosure channel before sharing exploit details.
Please include:
- Affected version or commit.
- Reproduction steps.
- Impact and whether real Unreal projects, credentials, or local files are involved.
- Any relevant logs with secrets and personal paths removed.
Do not open a public issue with exploit details, secrets, tokens, private project files, or third-party credentials.
In scope:
- Unreal Tools CLI and plugin vulnerabilities.
- Unsafe file writes, rollback gaps, approval bypasses, or report claims that can mislead maintainers.
- Secret exposure in repository files, fixtures, docs, or generated artifacts.
Out of scope:
- Epic Games, Unreal Engine, GitHub, OpenAI, third-party services, or operating-system vulnerabilities.
- Scanning or testing repositories, projects, or systems that you do not own or do not have permission to review.
- Public disclosure before a fix or maintainer response window.