
Security: Built-by-Sign/swift


SECURITY.md

Security Policy

Scope

This library processes SWIFT FIN messages, which may contain sensitive financial data including account numbers, transaction amounts, and banking identifiers. Security issues in parsing, serialization, or data handling are taken seriously.

Supported Versions

Version   Supported
Latest    Yes

Only the latest release receives security updates. Users are encouraged to stay up to date.

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Instead, please report vulnerabilities by emailing the maintainers directly. Include:

  1. A description of the vulnerability.
  2. Steps to reproduce or a proof-of-concept.
  3. The affected version(s).
  4. Any suggested fix, if available.

You should receive an acknowledgment within 72 hours. We will work with you to understand the issue and coordinate a fix and disclosure timeline.

Disclosure Policy

  • Confirmed vulnerabilities will be patched in a new release.
  • A security advisory will be published via GitHub Security Advisories after the fix is available.
  • Credit will be given to the reporter unless they prefer anonymity.

Security Best Practices for Users

  • Do not log raw SWIFT messages in production without redacting sensitive fields.
  • Validate inputs before passing them to the parser, especially messages from untrusted sources.
  • Use strict parsing mode when processing messages from unknown origins to catch malformed input early.
  • Keep dependencies updated by monitoring go.sum for known vulnerabilities.
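As an added illustration of the first practice above (this is example code, not part of the Built-by-Sign/swift library, whose API is not shown here), a stand-alone Go helper that strips the values of amount-, account- and party-bearing fields from a raw FIN block 4 before the text reaches a log. The tag set and the sample MT103 (built with public example IBANs) are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Field tags whose values carry amounts, account numbers or party details.
// Hypothetical selection for an MT103; extend it for the message types you handle.
var sensitiveTags = map[string]bool{
	"32A": true, "33B": true, "50A": true, "50F": true, "50K": true,
	"52A": true, "52D": true, "57A": true, "57D": true,
	"59": true, "59A": true, "59F": true, "70": true,
}

// fieldStart matches a line that opens a FIN field: ":TAG:" with a two-digit tag
// and an optional letter option (e.g. :20:, :32A:, :50K:).
var fieldStart = regexp.MustCompile(`^:(\d{2}[A-Z]?):`)

// RedactFIN rewrites a raw block 4 so that every sensitive field keeps its tag but
// loses its value, and the continuation lines of such a field (the name/address
// lines of :50K: or :59:) are dropped. Line endings are normalised to "\n".
func RedactFIN(raw string) string {
	lines := strings.Split(raw, "\n")
	out := make([]string, 0, len(lines))
	redacting := false
	for _, line := range lines {
		line = strings.TrimRight(line, "\r")
		if m := fieldStart.FindStringSubmatch(line); m != nil {
			redacting = sensitiveTags[m[1]]
			if redacting {
				out = append(out, ":"+m[1]+":[REDACTED]")
				continue
			}
		} else if redacting && !strings.HasPrefix(line, "-}") {
			continue // continuation line of a sensitive field
		}
		out = append(out, line)
	}
	return strings.Join(out, "\n")
}

// sampleMT103 is a constructed message using public example IBANs, not real data.
const sampleMT103 = "{4:\r\n:20:REF12345\r\n:23B:CRED\r\n:32A:240115EUR1234,56\r\n" +
	":50K:/DE89370400440532013000\r\nJANE DOE\r\nBERLIN\r\n" +
	":59:/GB33BUKB20201555555555\r\nJOHN SMITH\r\n:71A:SHA\r\n-}"

func main() {
	fmt.Println(RedactFIN(sampleMT103))
}
```

Non-sensitive fields such as :20: and :71A: stay readable so the redacted copy remains useful for tracing a message through the system.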
