2024-03-29 16:56:51 +01:00
|
|
|
<!--
|
|
|
|
|
~ SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
|
2024-04-30 12:16:39 +02:00
|
|
|
~ SPDX-License-Identifier: AGPL-3.0-or-later OR GPL-2.0-only
|
2024-03-29 16:56:51 +01:00
|
|
|
-->
|
2021-06-14 11:52:33 +02:00
|
|
|
# Security Policy
|
|
|
|
|
|
|
|
|
|
## Supported Versions
|
|
|
|
|
|
|
|
|
|
Only the latest version is supported. We release every second month a feature release (currently 3.x) and inbetween a bug fix release (3.x.y).
|
|
|
|
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
|
|
|
|
|
|
Security is very important to us. If you have discovered a security issue with Nextcloud,
|
|
|
|
|
please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
|
|
|
|
|
Your report should include:
|
|
|
|
|
|
|
|
|
|
- Product version
|
|
|
|
|
- A vulnerability description
|
|
|
|
|
- Reproduction steps
|
|
|
|
|
|
|
|
|
|
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
|
|
|
|
|
The fix will be applied to the master branch, tested, and packaged in the next bug fix release.
|
|
|
|
|
The vulnerability will be publicly announced after the release. Finally, your name will be added
|
|
|
|
|
to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our
|
|
|
|
|
[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Please visit https://nextcloud.com/security/ for further information about security.
|
