Security Policy

Supported Versions

Since the beginning of 2026 we are releasing versions of EVerest with a cadence of six months. The specifics of this release process are outlined in the Release Documentation.

Reporting a Vulnerability

If you found a vulnerability, we are super keen and grateful to get the details. Please use this private mailing list to let us know: everest-security@lists.lfenergy.org

Please DON’T use the publicly visible issue reporting functionality from GitHub! Alternatively you can use the “Report a vulnerability” feature on Github which should be enabled in all repositories. For example for everest-core you can find this here: https://github.com/EVerest/everest-core/security

We try to monitor this list and respond every working day, but in initial respond time should not go beyond 7 days. Please provide us with your estimation of the severity of your finding. Every other information on how to exploit it as well as everything else you could provide is helpful.