diff options
author | Ruben Barkow <github@r.z11.de> | 2019-12-22 21:21:18 +0100 |
---|---|---|
committer | Ruben Barkow-Kuder <github@r.z11.de> | 2020-01-21 16:25:52 +0100 |
commit | be506f7b29ada84def6616909433a680411a58a5 (patch) | |
tree | 5a5b3b1d3710581960c2b391635e7ad755630990 | |
parent | 1c8730df1296f12417843af154cca41d89f27f67 (diff) | |
download | nextcloud-server-be506f7b29ada84def6616909433a680411a58a5.tar.gz nextcloud-server-be506f7b29ada84def6616909433a680411a58a5.zip |
Set up a security policy
Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
-rw-r--r-- | SECURITY.md | 25 | ||||
-rw-r--r-- | apps/updatenotification/Makefile | 1 | ||||
-rw-r--r-- | build/files-checker.php | 1 |
3 files changed, 27 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..ee4bdb12eca --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +The latest three major release versions of Nextcloud are currently being supported with security updates. +Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details. + +## Reporting a Vulnerability + +Security is very important to us. If you have discovered a security issue with Nextcloud, +please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud). +Your report should include: + +- Product version +- A vulnerability description +- Reproduction steps + +A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. +The fix will be applied to the master branch, tested, and packaged in the next security release. +The vulnerability will be publicly announced after the release. Finally, your name will be added +to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our +[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior. + + +Please visit https://nextcloud.com/security/ for further information about security. diff --git a/apps/updatenotification/Makefile b/apps/updatenotification/Makefile index 11c4eec98dd..ca810f6aa5a 100644 --- a/apps/updatenotification/Makefile +++ b/apps/updatenotification/Makefile @@ -44,6 +44,7 @@ package: clean build-js-production --exclude=/CONTRIBUTING.md \ --exclude=/issue_template.md \ --exclude=/README.md \ + --exclude=/SECURITY.md \ --exclude=/.gitignore \ --exclude=/.scrutinizer.yml \ --exclude=/.travis.yml \ diff --git a/build/files-checker.php b/build/files-checker.php index 27604a07e30..34533698163 100644 --- a/build/files-checker.php +++ b/build/files-checker.php @@ -73,6 +73,7 @@ $expectedFiles = [ 'remote.php', 'resources', 'robots.txt', + 'SECURITY.md', 'status.php', 'tests', 'themes', |