diff options
author | Tobias Kaminsky <tobias@kaminsky.me> | 2021-06-14 12:52:33 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-14 12:52:33 +0300 |
commit | 2e98dcd11dd264a0f5d370495eca829f97b84d18 (patch) | |
tree | 8a048c05bcaccb9bb4e298587833bafbf2f1ddcb /SECURITY.md | |
parent | 830bc3703caa833e350ec36b206ea1a638afb532 (diff) |
Create SECURITY.md
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- | SECURITY.md | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..276e201397 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,24 @@ +# Security Policy + +## Supported Versions + +Only the latest version is supported. We release every second month a feature release (currently 3.x) and inbetween a bug fix release (3.x.y). + +## Reporting a Vulnerability + +Security is very important to us. If you have discovered a security issue with Nextcloud, +please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud). +Your report should include: + +- Product version +- A vulnerability description +- Reproduction steps + +A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. +The fix will be applied to the master branch, tested, and packaged in the next bug fix release. +The vulnerability will be publicly announced after the release. Finally, your name will be added +to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our +[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior. + + +Please visit https://nextcloud.com/security/ for further information about security. |