Only the latest 0.1.x release receives security fixes while the project remains pre-1.0.
Use GitHub's private vulnerability reporting for shenron0101/hftbacktest-cpp. Do not open a public issue for a suspected vulnerability. Include affected versions, reproduction steps, impact, and any proposed mitigation.
This project parses untrusted NPY/NPZ files but is not a network service. Treat the handling of malformed data, memory safety, archive parsing, and release-pipeline compromise as security-relevant.