This document outlines the default procedures suggested for SDK integrations for Godot.
SDK maintainers can override this policy with their own SECURITY.md file to
further specify how they wish to receive security vulnerability reports.
If you've found a security vulnerability in Godot itself, please do not create an issue on the GitHub issue tracker as it will be visible publicly.
Instead, send an email to security@godotengine.org.
If you've found a security vulnerability in a community-maintained SDK for
Godot, please review that SDK's MAINTAINERS.md file for contact details
of the current maintainers, and send them a private email to disclose the
vulnerability.