SafeSave is a mod for ULTRAKILL that changes how the game stores player save data to be more secure.

Ultrakill uses the BinaryFormatter class for storing save data, which is very insecure as it can allow anyone to hide malware in a save file and distribute it to others. More information on this vulnerability can be found here. SafeSave solves this problem by using JSON to save data, which does not have this exploit.

SafeSave files are stored in a different folder than regular saves. It is different depending on your OS, but on Windows they can be found in C:/Users/<your username>/AppData/LocalLow/Hakita/ULTRAKILL/SafeSave. You may need to enable hidden items (File Explorer->View->"Hidden Items") in File Explorer to find the folder.

According to one of the developers (who's identity will be redacted for privacy reasons), this vulnerability will not be patched anytime in the future. This desicion does not come from a place of malice. Do not harass/witch-hunt any developers about this desicion.

Although save files generated by the base game will not work with SafeSave, the mod changes the directory that save files are stored to prevent overriding your pre-SafeSave files. So, by using this mod, you are effectively forced into using 5 new save slots.

For previously mentioned reasons, no they will not. If you want cloud backups of your saves you will have to use something like Google Drive.

First of all, Do NOT harass anybody on the Ultrakill development team. Hostility is not going to convince them to do anything other than close their DMs. Instead, spread awareness to other players about this problem, but make sure you tell people not to send hate to the devs.

How the exploit works is, since the game accepts any objects as save file input, you can make your save file represent an object that executes code when instantiated. The way SafeSave loads save files does not allow them to represent any type they want, rather it forces them to represent level progress, weapon data, etc. Save files are structured in the exact save way and with the exact save types, but use JSON.NET instead of BinaryFromatter. A byproduct of this is that save files are much easier to edit and play around with.