mirrors
/
nextcloud
ミラー元 https://github.com/nextcloud/server.git
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 リリース 984 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
74395 コミット
400 ブランチ
ブランチ: master
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'master' から
${ noResults }
nextcloud/SECURITY.md

SECURITY.md 3.0KB
Raw パーマリンク 通常表示 履歴

chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
1週間前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
Add community/third-party apps note to security policy Just making it match the new global one in nextcloud/.github#241 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
6ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
Add community/third-party apps note to security policy Just making it match the new global one in nextcloud/.github#241 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
6ヶ月前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Add community/third-party apps note to security policy Just making it match the new global one in nextcloud/.github#241 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
6ヶ月前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
Add community/third-party apps note to security policy Just making it match the new global one in nextcloud/.github#241 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
6ヶ月前
Apply suggestions Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Apply suggestions Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
Add community/third-party apps note to security policy Just making it match the new global one in nextcloud/.github#241 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
6ヶ月前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Apply suggestions Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Add community/third-party apps note to security policy Just making it match the new global one in nextcloud/.github#241 Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
6ヶ月前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Apply suggestions Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
Set up a security policy Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
4年前
SECURITY: Add {links, headings, $, scope, public GH Issues notes} * Add links to various relevant pages (scope, existing security advisories) * Add request to not report vulnerabilities in public GH issues * Mention bounty program * Reorganized and added some new headings Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
7ヶ月前
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. <!--

  2.  - SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors

  3.  - SPDX-License-Identifier: AGPL-3.0-or-later

  4. -->

  5. # Security Policy

  6. 

  7. [Security](https://nextcloud.com/security/) is very important to us.

  8. 

  9. If you believe you have found a security vulnerability that meets our definition of a security

  10. vulnerability, please report is as described below.

  11. 

  12. ## Context

  13. 

  14. Please review our [threat model and accepted risks](https://nextcloud.com/security/threat-model) to learn what

  15. is currently considered a security vulnerability versus expected behavior. And review what is considered

  16. [in scope or bounty eligible](https://hackerone.com/nextcloud/policy_scopes).

  17. 

  18. 

  19. ## Reporting a Vulnerability

  20. 

  21. ** **Please do _not_ report security vulnerabilities through public GitHub issues.** **

  22. 

  23. If you have discovered a security matter with Nextcloud, please read our

  24. [responsible disclosure guidelines](https://nextcloud.com/security/) and contact us at

  25. [hackerone.com/nextcloud](https://hackerone.com/nextcloud).

  26. 

  27. Your report should include:

  28. 

  29. - Product version

  30. - A vulnerability description

  31. - Reproduction steps

  32. - Any other details you think are likely to be important

  33. 

  34. ### What to Expect

  35. 

  36. You should receive an initial acknowledgement within 24 hours in most cases.

  37. 

  38. A member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions,

  39. and coordinate the fix and publication.

  40. 

  41. The fix will be applied to all applicable and still supported stable branches, tested, and packaged in the next security release.

  42. The vulnerability will be publicly announced after the release. Finally, your name will be added

  43. to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud

  44. community.

  45. 

  46. If the vulnerability involves an app that is not maintained by Nextcloud (i.e. hosted by the 

  47. Nextcloud project but community maintained, or hosted elsewhere), the security team will try to coordinate with the

  48. current maintainer and help to get the issue fixed in similar fashion.

  49. 

  50. ### Bug Bounties

  51. 

  52. If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Details

  53. on past bounty ranges can be found at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).

  54. 

  55. ## Existing Security Advisories

  56. 

  57. Published security advisories for the Nextcloud Server, Clients and Apps can be viewed at

  58. [https://github.com/nextcloud/security-advisories/security/advisories](https://github.com/nextcloud/security-advisories/security/advisories).

  59. 

  60. ## Supported Versions

  61. 

  62. Nextcloud Server major release versions are being supported with security updates for 1 year after their initial release.

  63. Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details.

  64. 

  65. ## Additional Information

  66. 

  67. Please visit [https://nextcloud.com/security/](https://nextcloud.com/security/) for further information about Nextcloud security.

  68. Please visit [https://nextcloud.com/security/threat-model](https://nextcloud.com/security/threat-model) for our threat model and accepted risks.