| Version | Supported |
|---|---|
| 2.3.x | ✅ |
| < 2.2.x | ❌ |
QuickFIX/J welcomes and appreciates responsible disclosure. Contributors are given appropriate credit in release notes and Git logs.
For security issues in QuickFIX/J itself contact the project maintainer: christoph.john-at-macd.com
For security issues in libraries used by QuickFIX/J contact the relevant project team (e.g. for Apache MINA: https://www.apache.org/security/ ). If you feel they are particularly exploitable via QuickFIX/J also feel free to follow up with the project maintainer as above so that we upgrade to the new version in a timely fashion.
Once a security issue is fixed in QuickFIX/J it will be communicated via the user mailing list and other appropriate channels.