|
|
|
@@ -0,0 +1,25 @@ |
|
|
|
# Security Policy |
|
|
|
|
|
|
|
## Supported Versions |
|
|
|
|
|
|
|
The latest three major release versions of Nextcloud are currently being supported with security updates. |
|
|
|
Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details. |
|
|
|
|
|
|
|
## Reporting a Vulnerability |
|
|
|
|
|
|
|
Security is very important to us. If you have discovered a security issue with Nextcloud, |
|
|
|
please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud). |
|
|
|
Your report should include: |
|
|
|
|
|
|
|
- Product version |
|
|
|
- A vulnerability description |
|
|
|
- Reproduction steps |
|
|
|
|
|
|
|
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. |
|
|
|
The fix will be applied to the master branch, tested, and packaged in the next security release. |
|
|
|
The vulnerability will be publicly announced after the release. Finally, your name will be added |
|
|
|
to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our |
|
|
|
[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior. |
|
|
|
|
|
|
|
|
|
|
|
Please visit https://nextcloud.com/security/ for further information about security. |
Ruben Barkow
4 年之前