We actively maintain security updates for the following versions:

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Do not open a public issue for security vulnerabilities.

Instead, please use one of the following methods:

1. Email: Send details to hey@codemeapixel.dev
2. GitHub Security Advisories: Use the Security tab to privately report the issue

When reporting a vulnerability, please provide:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggested fixes or mitigations (if applicable)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Resolution Target: Within 30 days for critical issues

1. We will acknowledge receipt of your report
2. We will investigate and validate the issue
3. We will work on a fix and coordinate disclosure timing with you
4. We will credit you in the security advisory (unless you prefer anonymity)

When contributing to FixFX:

• Keep dependencies updated
• Never commit secrets, API keys, or credentials
• Follow secure coding practices
• Validate and sanitize all user inputs
• Use environment variables for sensitive configuration

This security policy applies to:

• The FixFX frontend application
• The FixFX backend API
• Official deployment infrastructure

Third-party integrations and dependencies are outside our direct control but we will work with upstream maintainers when issues are discovered.

We appreciate security researchers who help keep FixFX safe. Contributors who responsibly disclose vulnerabilities will be acknowledged in our security advisories and README.