Schemathesis provides security updates only for the latest minor version within the 3.x series.
| Version | Supported |
|---|---|
| 3.x | ✅ |
| < 3.0 | ❌ |
To report a security vulnerability in Schemathesis:
- Email your findings to dmitry@dygalo.dev.
- Provide a detailed description of the vulnerability and steps to reproduce it.
- If possible, include a suggested fix or mitigation.
You can expect an initial response within a few days of your report.
While Schemathesis is typically installed in test environments, we take all security reports seriously and appreciate your efforts to disclose responsibly.
There is no formal process for disclosing fixed vulnerabilities. Updates will be released as part of regular patch versions, and significant security fixes will be noted in the release notes.
Thank you for helping keep Schemathesis and its users safe!