WebRunner (je_web_runner) is distributed on PyPI. Security fixes are
applied to the latest released version. Please upgrade to the most recent
release before reporting an issue, as the problem may already be resolved.
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Older releases | ❌ |
Please report security vulnerabilities privately — do not open a public issue, pull request, or discussion for a suspected vulnerability.
Use either of the following private channels:
- GitHub Security Advisories — open a private report via the repository's Security tab → Report a vulnerability. This is the preferred channel.
- Email —
jechenmailman@gmail.comwith a subject line beginning[SECURITY].
To help triage quickly, please include where practical:
- A description of the vulnerability and its impact.
- The affected version(s) and platform.
- Step-by-step reproduction instructions or a minimal proof of concept.
- Any suggested remediation.
- We aim to acknowledge a report within 5 business days.
- We target a fix and coordinated disclosure within 90 days of the initial report, sooner for actively exploited issues.
- We will credit reporters who wish to be acknowledged once a fix is released. Please let us know your preference.
Thank you for helping keep WebRunner and its users safe.