Evergon Release 0.18

What’s new in 0.18

1. Security: all penetration test issues resolved

This update closes all remaining issues identified during the platform’s penetration testing phase.

Fixed issues include:

• Stored XSS via file upload with weak restrictions
• Technical information disclosure
• Insufficient and missing Content Security Policy restrictions
• Weak refresh token handling
• Bypass of client-side restrictions
• User enumeration risks
• Open redirection
• Bypass of allowed file size limits

With these fixes, Evergon strengthens its baseline security posture and prepares the platform for more demanding operational and regulatory environments.

2. Faster admin onboarding with fewer clicks

We identified unnecessary friction in the admin onboarding flow, especially for first-time users creating their first project.

Previously, new users were required to pass through:

• A Create Project screen where creation was the only possible action
• An Enter or Select Project screen that added no value on first use

These steps have now been removed.

What changed:

• Users now move directly from account setup to entering project details
• After project creation, users land straight on the Welcome screen

The result is a significantly smoother onboarding experience, reducing the flow from eight steps to a more intuitive, linear journey.

3. Mainnet deployment now explicitly controlled

To reduce accidental exposure and improve operational safety, all newly created projects are now restricted to testnet deployments by default.

Mainnet deployment can be enabled manually by the Evergon team:

• Each project includes a control variable managed in Supabase
• Once unflagged, mainnet assets become available in the Create Market flow

This change ensures clearer separation between testing and production environments.

4. New off-chain roles for better access control

Evergon 0.18 introduces expanded off-chain role management to better reflect real-world project operations.

New roles include:

• Admin (App level)
• Managed by Evergon, with access to all project dashboards
• User (App level)
• Access limited to whitelabel and investor pages
• Project Member (Project level)
• Full access to project interfaces
• Project Issuer (Project level)
• Access limited to the issuer panel of the whitelabel

Role changes are managed directly via Supabase, following the internal role management guide.

5. Raised amount now visible on sale cards

Sale cards now display the amount raised, providing immediate visibility into funding progress.

This applies across:

• Ongoing sales
• Upcoming sales
• Pre-listing sales
• Finished sales

This improves transparency for both issuers and administrators when monitoring activity.

6. UI and UX improvements

Several smaller fixes and refinements are included in this release:

• Fixed Buy panel overlap with the header on scroll
• Added a Visibility panel to the sale table in issuer and admin views
• Updated sale enumerators on the sale edit page
• Corrected inconsistent date formatting in the admin sales list
• Updated onboarding wording from “Customer” to “Individual”
• Refreshed dashboard content for improved clarity

Final notes

This release is a stabilisation and usability-focused update. It strengthens our security foundations, reduces onboarding friction, and introduces clearer controls around roles and deployment environments.

As Evergon continues to move toward production-grade, regulated tokenization use cases, these improvements lay important groundwork for future releases.