summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRuben Barkow <github@r.z11.de>2019-12-22 21:21:18 +0100
committerRuben Barkow-Kuder <github@r.z11.de>2020-01-21 16:25:52 +0100
commitbe506f7b29ada84def6616909433a680411a58a5 (patch)
tree5a5b3b1d3710581960c2b391635e7ad755630990
parent1c8730df1296f12417843af154cca41d89f27f67 (diff)
downloadnextcloud-server-be506f7b29ada84def6616909433a680411a58a5.tar.gz
nextcloud-server-be506f7b29ada84def6616909433a680411a58a5.zip
Set up a security policy
Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
-rw-r--r--SECURITY.md25
-rw-r--r--apps/updatenotification/Makefile1
-rw-r--r--build/files-checker.php1
3 files changed, 27 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..ee4bdb12eca
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+The latest three major release versions of Nextcloud are currently being supported with security updates.
+Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details.
+
+## Reporting a Vulnerability
+
+Security is very important to us. If you have discovered a security issue with Nextcloud,
+please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
+Your report should include:
+
+- Product version
+- A vulnerability description
+- Reproduction steps
+
+A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
+The fix will be applied to the master branch, tested, and packaged in the next security release.
+The vulnerability will be publicly announced after the release. Finally, your name will be added
+to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our
+[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior.
+
+
+Please visit https://nextcloud.com/security/ for further information about security.
diff --git a/apps/updatenotification/Makefile b/apps/updatenotification/Makefile
index 11c4eec98dd..ca810f6aa5a 100644
--- a/apps/updatenotification/Makefile
+++ b/apps/updatenotification/Makefile
@@ -44,6 +44,7 @@ package: clean build-js-production
--exclude=/CONTRIBUTING.md \
--exclude=/issue_template.md \
--exclude=/README.md \
+ --exclude=/SECURITY.md \
--exclude=/.gitignore \
--exclude=/.scrutinizer.yml \
--exclude=/.travis.yml \
diff --git a/build/files-checker.php b/build/files-checker.php
index 27604a07e30..34533698163 100644
--- a/build/files-checker.php
+++ b/build/files-checker.php
@@ -73,6 +73,7 @@ $expectedFiles = [
'remote.php',
'resources',
'robots.txt',
+ 'SECURITY.md',
'status.php',
'tests',
'themes',