aboutsummaryrefslogtreecommitdiffstats
path: root/SECURITY.md
diff options
context:
space:
mode:
authorJosh Richards <josh.t.richards@gmail.com>2023-10-20 09:03:59 -0400
committerGitHub <noreply@github.com>2023-10-20 09:03:59 -0400
commit0ded3ad2b20ed0c239a5047960f42e5453b658e0 (patch)
tree5506e2947aaf8df981f10a6dcdd3b957c67ff38a /SECURITY.md
parent59366eebb8f4f5ad87e601aa3947ba54febf68d2 (diff)
downloadnextcloud-server-0ded3ad2b20ed0c239a5047960f42e5453b658e0.tar.gz
nextcloud-server-0ded3ad2b20ed0c239a5047960f42e5453b658e0.zip
Apply suggestions
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
Diffstat (limited to 'SECURITY.md')
-rw-r--r--SECURITY.md9
1 files changed, 4 insertions, 5 deletions
diff --git a/SECURITY.md b/SECURITY.md
index eea4d06e09d..06a96aac037 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -11,7 +11,6 @@ Please review our [threat model and accepted risks](https://nextcloud.com/securi
is currently considered a security vulnerability versus expected behavior. And review what is considered
[in scope or bounty eligible](https://hackerone.com/nextcloud/policy_scopes).
-You can expect a response within 24 hours in most cases.
## Reporting a Vulnerability
@@ -33,9 +32,9 @@ Your report should include:
You should receive an initial acknowledgement within 24 hours in most cases.
A member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions,
-and coordinate a fix.
+and coordinate the fix and publication.
-The fix will be applied to the `master` branch, tested, and packaged in the next security release.
+The fix will be applied to all applicable and still supported stable branches, tested, and packaged in the next security release.
The vulnerability will be publicly announced after the release. Finally, your name will be added
to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud
community.
@@ -47,13 +46,13 @@ on past bounty ranges can be found at [hackerone.com/nextcloud](https://hackeron
## Existing Security Advisories
-Past advisories can be viewed at
+Published security advisories for the Nextcloud Server, Clients and Apps can be viewed at
[https://github.com/nextcloud/security-advisories/security/advisories](https://github.com/nextcloud/security-advisories/security/advisories
).
## Supported Versions
-The latest three major release versions of Nextcloud are currently being supported with security updates.
+Nextcloud Server major release versions are being supported with security updates for 1 year after their initial release.
Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details.
## Additional Information