From be506f7b29ada84def6616909433a680411a58a5 Mon Sep 17 00:00:00 2001 From: Ruben Barkow Date: Sun, 22 Dec 2019 21:21:18 +0100 Subject: Set up a security policy Signed-off-by: Ruben Barkow-Kuder --- SECURITY.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 SECURITY.md (limited to 'SECURITY.md') diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..ee4bdb12eca --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +The latest three major release versions of Nextcloud are currently being supported with security updates. +Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details. + +## Reporting a Vulnerability + +Security is very important to us. If you have discovered a security issue with Nextcloud, +please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud). +Your report should include: + +- Product version +- A vulnerability description +- Reproduction steps + +A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. +The fix will be applied to the master branch, tested, and packaged in the next security release. +The vulnerability will be publicly announced after the release. Finally, your name will be added +to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our +[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior. + + +Please visit https://nextcloud.com/security/ for further information about security. -- cgit v1.2.3