Browse Source

Apply suggestions

Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
tags/v28.0.0beta1
Josh Richards 7 months ago
parent
commit
0ded3ad2b2
No account linked to committer's email address
1 changed files with 4 additions and 5 deletions
  1. 4
    5
      SECURITY.md

+ 4
- 5
SECURITY.md View File

is currently considered a security vulnerability versus expected behavior. And review what is considered is currently considered a security vulnerability versus expected behavior. And review what is considered
[in scope or bounty eligible](https://hackerone.com/nextcloud/policy_scopes). [in scope or bounty eligible](https://hackerone.com/nextcloud/policy_scopes).


You can expect a response within 24 hours in most cases.


## Reporting a Vulnerability ## Reporting a Vulnerability


You should receive an initial acknowledgement within 24 hours in most cases. You should receive an initial acknowledgement within 24 hours in most cases.


A member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions, A member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions,
and coordinate a fix.
and coordinate the fix and publication.


The fix will be applied to the `master` branch, tested, and packaged in the next security release.
The fix will be applied to all applicable and still supported stable branches, tested, and packaged in the next security release.
The vulnerability will be publicly announced after the release. Finally, your name will be added The vulnerability will be publicly announced after the release. Finally, your name will be added
to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud
community. community.


## Existing Security Advisories ## Existing Security Advisories


Past advisories can be viewed at
Published security advisories for the Nextcloud Server, Clients and Apps can be viewed at
[https://github.com/nextcloud/security-advisories/security/advisories](https://github.com/nextcloud/security-advisories/security/advisories [https://github.com/nextcloud/security-advisories/security/advisories](https://github.com/nextcloud/security-advisories/security/advisories
). ).


## Supported Versions ## Supported Versions


The latest three major release versions of Nextcloud are currently being supported with security updates.
Nextcloud Server major release versions are being supported with security updates for 1 year after their initial release.
Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details. Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details.


## Additional Information ## Additional Information

Loading…
Cancel
Save