v5.1.2 — Security Patch
This is an emergency patch release. Fixes a High severity (CVSS 8.8) authenticated RCE vulnerability (CWE-95) in SymPy's `parse_expr()` across all math verification paths.
Security
- CWE-95 mitigation: Added `safe_parse_expr()` — denylist + stripped `__builtins__` + allow-listed math namespace + per-call global dict copy + pre/post-parse validation. Replaced all direct `parse_expr()` call sites in `main.py`, `verifier.py`, `batch.py`, and `validator.py`.
- Calculus symbol consistency: Added `get_safe_symbol()` to match SymPy symbol assumptions (e.g., `n` as `integer=True, positive=True`) — prevents incorrect `diff`/`integrate`/`limit` results.
- Defense-in-depth: Pre-parse AST depth limit, post-parse SymPy tree depth validation, `sympy.Expr` type enforcement (rejects relationals like `x < y`), `extra_symbols` key/value validation, sanitized exception handling.
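An added example (not QWED's own code) of the layered gate the Security section describes: a pre-parse allow-list over the Python AST with a depth limit and relational rejection, then `parse_expr()` run in a fresh per-call namespace whose `__builtins__` is an empty dict, then post-parse `sympy.Expr` and tree-depth checks. `ALLOWED_FUNCS`, `ALLOWED_NODES` and `MAX_DEPTH` are assumed values chosen for this example, not the project's.

```python
import ast
# Constructed allow-list: the only callables a math expression may name; every
# Python builtin and anything else not listed here is rejected before parsing.
ALLOWED_FUNCS = {"sin", "cos", "tan", "exp", "log", "sqrt", "Abs", "factorial"}
ALLOWED_NODES = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Call, ast.Name, ast.Constant,
                 ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Pow, ast.UAdd, ast.USub, ast.Load)
MAX_DEPTH = 30  # assumed budget; size it to the longest legitimate expression you accept

def check_math_source(text: str, max_depth: int = MAX_DEPTH) -> bool:
    """Pre-parse validation on the Python AST of `text` (nothing is evaluated here):
    only arithmetic, numeric literals, plain names and allow-listed calls pass."""
    if "__" in text:  # cheap denylist: no dunder names or attributes at all
        return False
    try:
        tree = ast.parse(text, mode="eval")
    except (SyntaxError, ValueError, RecursionError):
        return False
    def ok(node: ast.AST, depth: int) -> bool:
        # Compare (x < y), Attribute, Subscript, Lambda, comprehensions and walrus
        # are not in ALLOWED_NODES and fail here, as does anything nested too deep.
        if depth > max_depth or not isinstance(node, ALLOWED_NODES):
            return False
        if isinstance(node, ast.Constant):
            return type(node.value) in (int, float)  # no str, bytes, bool, complex
        if isinstance(node, ast.Call) and (node.keywords or not isinstance(node.func, ast.Name)
                                           or node.func.id not in ALLOWED_FUNCS):
            return False
        return all(ok(child, depth + 1) for child in ast.iter_child_nodes(node))
    return ok(tree, 0)

def _tree_depth(expr) -> int:
    return 1 + max((_tree_depth(a) for a in expr.args), default=0)

def safe_parse_expr(text: str, max_depth: int = MAX_DEPTH):
    """Gate first, then parse inside a namespace that exposes no Python builtins."""
    if not check_math_source(text, max_depth):
        raise ValueError("expression rejected by pre-parse validation")
    import sympy  # deferred so the gate above is usable (and testable) without SymPy
    from sympy.parsing.sympy_parser import parse_expr
    # Fresh dict per call, never a shared module-level one. "__builtins__" must be
    # present AND empty: if the key is missing, eval() re-inserts the real builtins.
    namespace = {"__builtins__": {}, "Symbol": sympy.Symbol, "Integer": sympy.Integer,
                 "Float": sympy.Float, "Rational": sympy.Rational}
    namespace.update({name: getattr(sympy, name) for name in ALLOWED_FUNCS})
    result = parse_expr(text, global_dict=namespace)
    # Post-parse: only sympy.Expr is acceptable (relationals, sets, booleans are not).
    if not isinstance(result, sympy.Expr) or _tree_depth(result) > max_depth:
        raise ValueError("parsed object is not an acceptable sympy.Expr")
    return result
```

Note that `abs(x)` is rejected even though `abs` is a builtin: with `__builtins__` emptied, every function the verifier needs has to be named explicitly in the allow-list.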
Fixes
- Cache Redis fail-closed: Enforced fail-closed Redis backend for distributed cache mode (#199)
- CodSpeed benchmarks: Performance benchmark workflow added (#198)
- TS SDK: Restored `package-lock.json` for reliable `npm ci` in publish workflow (#197)
Version Updates
| Artifact | Version |
|---|---|
| qwed (PyPI) | 5.1.2 |
| qwed_sdk (Python) | 5.1.2 |
| @qwed-ai/sdk (NPM) | 5.1.2 |
| qwed (Rust crate) | 5.1.2 |
| API version header | 5.1.2 |
| Docker image | docker.io/qwedai/qwed-verification:5.1.2 |
Included PRs
- #197 fix(ts-sdk): lockfile restore
- #198 ci: CodSpeed benchmarks
- #199 fix(cache): fail-closed Redis backend
- #200 fix(math): restrict SymPy expression parsing (CWE-95)
- #201 chore(release): v5.1.2 version bump
Credits: Vulnerability discovered by Sebastion (sebastiondev) via Foundation Machines and independently confirmed by EQSTLab. Fix reviewed and hardened by the QWED team.
Full Changelog: v5.1.1...v5.1.2