Security fixes are applied to the current main branch. The project has not yet issued a stable release series.

Report suspected vulnerabilities through a private GitHub security advisory:

https://github.com/magnaquant/quantcortex/security/advisories/new

Do not open a public issue for credential exposure, order-routing failures, risk-check bypasses, state-corruption paths, or dependency vulnerabilities. Include the affected commit, a minimal reproduction, expected impact, and any mitigation you have tested. Remove API keys, account identifiers, positions, and proprietary market data from reports.

Maintainers will acknowledge a report when it is reviewed, assess severity, and coordinate remediation before public disclosure. This is a research and paper-execution project, not a certified production trading system; reports that could cause unintended orders or financial loss are treated as high priority.