The following U3D game engine versions are currently supported with security updates:
| Version | Supported |
|---|---|
| 2.0.x | ✅ |
| 1.9.x | ✅ |
| < 1.9.0 | ❌ |
We take the security of U3D game engine seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Email: Send details to security@u3d-engine.example.com
- Use PGP encryption: Our public key is available at https://u3d-engine.example.com/pgp-key.txt
- Include details: Please provide:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Any suggested mitigations (if available)
- Initial Response: We aim to acknowledge receipt within 48 hours
- Status Updates: We will provide updates on the progress of addressing the vulnerability at least every 7 days
- Resolution Timeline: We strive to resolve critical issues within 30 days of verification
- Security issues will be addressed with the highest priority
- After a fix is developed and tested, it will be deployed to all supported versions
- Public disclosure will be coordinated with the reporter
- Credit will be given to the reporter (unless anonymity is requested)
Security advisories for U3D game engine will be published through:
- GitHub Security Advisories
- The official U3D discord
Security updates are released as part of our regular release cycle or as emergency patches for critical vulnerabilities. We recommend keeping your U3D game engine installation updated to the latest supported version.
When using U3D game engine in your projects, we recommend following these security best practices:
- Regularly update to the latest stable version
- Follow the principle of least privilege when configuring permissions
- Use the built-in security features for asset protection
- Enable code signing for your game builds
- Implement proper input validation for user-generated content
- Review third-party plugins for security issues before integration
For security-related inquiries, please contact the team at security@u3d.io.