Security fixes are applied to the master branch and to the latest released
version of the VeraGrid packages.
Older releases may not receive security updates.
Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Report vulnerabilities privately by email to:
spenate@eroots.tech
Please include:
- A clear description of the issue and affected component.
- Steps to reproduce, proof of concept, or a minimal test case.
- The VeraGrid version, package name, commit hash, and environment details.
- Any known impact, affected inputs, or suggested remediation.
We will review the report, confirm impact, and coordinate remediation and disclosure as appropriate.
We aim to acknowledge new vulnerability reports within 14 days and usually much sooner for clear, reproducible issues.
Please allow time for investigation and a fix before public disclosure.