Do NOT open a public issue for security vulnerabilities.

Email: allan@kablamo.com.au

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We will respond within 48 hours and provide a timeline for resolution.

| Version | Supported |
|---|---|
| 0.3.x | Yes |
| < 0.3 | No |

QUEEF has zero runtime dependencies — the entire attack surface is pure Python standard library. Security issues would involve the assertion logic itself, not transitive dependency vulnerabilities.

QUEEF is a testing library — it runs in development/CI environments, not production. Security concerns are primarily around:
- Ensuring test assertions don't leak sensitive data in error messages
- Ensuring baseline files (JSON snapshots) don't contain credentials