Skip to content

Security: Integration-Automation/WebRunner

Security

SECURITY.md

Security Policy

Supported Versions

WebRunner (je_web_runner) is distributed on PyPI. Security fixes are applied to the latest released version. Please upgrade to the most recent release before reporting an issue, as the problem may already be resolved.

Version Supported
Latest release
Older releases

Reporting a Vulnerability

Please report security vulnerabilities privately — do not open a public issue, pull request, or discussion for a suspected vulnerability.

Use either of the following private channels:

  • GitHub Security Advisories — open a private report via the repository's Security tab → Report a vulnerability. This is the preferred channel.
  • Emailjechenmailman@gmail.com with a subject line beginning [SECURITY].

To help triage quickly, please include where practical:

  • A description of the vulnerability and its impact.
  • The affected version(s) and platform.
  • Step-by-step reproduction instructions or a minimal proof of concept.
  • Any suggested remediation.

Disclosure Process

  • We aim to acknowledge a report within 5 business days.
  • We target a fix and coordinated disclosure within 90 days of the initial report, sooner for actively exploited issues.
  • We will credit reporters who wish to be acknowledged once a fix is released. Please let us know your preference.

Thank you for helping keep WebRunner and its users safe.

There aren't any published security advisories