Security fixes are generally provided only for the latest released version of this project.
Older versions may contain known issues and are not guaranteed to receive updates.
If you believe you have found a security vulnerability, please report it privately and do not disclose it publicly right away.
Please use one of the following methods:
- GitHub private maintainer contact
- any other private contact channel maintained by the project owner
When reporting an issue, please include:
- a clear description of the vulnerability
- affected version(s)
- steps to reproduce the issue
- proof of concept, if available
- possible impact
After receiving a report, the maintainer will:
- review and validate the issue
- assess severity and impact
- work on a fix when appropriate
- publish the fix in a future release
Please note that this is an open-source hobby project, so response times may vary.
Please allow reasonable time for the issue to be reviewed and fixed before making any public disclosure.
Once a fix is available, the vulnerability may be documented publicly in release notes or repository documentation if necessary.
This policy applies to the source code and released versions of this repository.
Third-party tools, external dependencies, Blender itself, or other software used alongside this project are outside the direct scope of this policy unless the issue is caused by this repository’s own code.