Please do not open a public GitHub issue for security vulnerabilities.
Report security issues by email to info@paicore.tech. Include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept (if possible)
- Any suggested mitigations
You can expect an acknowledgement within 2 business days and a resolution timeline within 14 days for confirmed issues.
This policy covers the fix-http-server application code in this repository. It does not cover your deployment infrastructure, the FIX counterparty you connect to, or any downstream applications.
Only the latest release on the main branch receives security fixes.