Like cron, Jobber enables different users to run their own sets of jobs. The main security requirement is that Jobber does not enable users to do something they otherwise would not be allowed to do. In particular, the set of commands that a user can execute via Jobber must be a subset of the set of commands that the user can execute in the shell.
The Jobber project follows Core
Infrastructure Initiative best practices:
Note that Jobber has not been thoroughly and expertly reviewed with regard to security. (Of course, neither has most software....) Meeting its security requirements is indeed a goal, but, as made clear in the license, the authors make no guarantee that there are no vulnerabilities in Jobber.
Reporting Vulnerabilities
If you discover a vulnerability in Jobber, please send a description of it to jobber-security@nekonya.info.
Please, do NOT discuss it on the Jobber mailing list or in a GitHub issue — or, really, anywhere. If you do, you are a bad person.