Ren'Py Web Player is designed for local use.

• Run on localhost for desktop testing.
• Use HTTPS with a locally trusted certificate for LAN/mobile testing.
• Do not expose the server directly to the public internet.
• Treat the Docker-generated root CA as local-only. Do not publish it, reuse it for unrelated services, or share the Docker cache volume with untrusted users.

Please open a private security advisory if the repository host supports it, or contact the maintainers privately before publishing details.

Useful details include:

• Operating system and browser
• Python version
• Whether the server was run over HTTP or HTTPS
• Reproduction steps
• Redacted diagnostics from the app's System Check panel

• Archive extraction
• Cache clearing endpoints
• /proxy/ remote fetch behavior
• Session and engine file path resolution
• Generated local certificate authority files under the Docker cache volume