Set up a security policy
Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
This commit is contained in:
parent
1c8730df12
commit
be506f7b29
3 changed files with 27 additions and 0 deletions
25
SECURITY.md
Normal file
25
SECURITY.md
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
The latest three major release versions of Nextcloud are currently being supported with security updates.
|
||||||
|
Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details.
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Security is very important to us. If you have discovered a security issue with Nextcloud,
|
||||||
|
please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
|
||||||
|
Your report should include:
|
||||||
|
|
||||||
|
- Product version
|
||||||
|
- A vulnerability description
|
||||||
|
- Reproduction steps
|
||||||
|
|
||||||
|
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
|
||||||
|
The fix will be applied to the master branch, tested, and packaged in the next security release.
|
||||||
|
The vulnerability will be publicly announced after the release. Finally, your name will be added
|
||||||
|
to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our
|
||||||
|
[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior.
|
||||||
|
|
||||||
|
|
||||||
|
Please visit https://nextcloud.com/security/ for further information about security.
|
|
@ -44,6 +44,7 @@ package: clean build-js-production
|
||||||
--exclude=/CONTRIBUTING.md \
|
--exclude=/CONTRIBUTING.md \
|
||||||
--exclude=/issue_template.md \
|
--exclude=/issue_template.md \
|
||||||
--exclude=/README.md \
|
--exclude=/README.md \
|
||||||
|
--exclude=/SECURITY.md \
|
||||||
--exclude=/.gitignore \
|
--exclude=/.gitignore \
|
||||||
--exclude=/.scrutinizer.yml \
|
--exclude=/.scrutinizer.yml \
|
||||||
--exclude=/.travis.yml \
|
--exclude=/.travis.yml \
|
||||||
|
|
|
@ -73,6 +73,7 @@ $expectedFiles = [
|
||||||
'remote.php',
|
'remote.php',
|
||||||
'resources',
|
'resources',
|
||||||
'robots.txt',
|
'robots.txt',
|
||||||
|
'SECURITY.md',
|
||||||
'status.php',
|
'status.php',
|
||||||
'tests',
|
'tests',
|
||||||
'themes',
|
'themes',
|
||||||
|
|
Loading…
Reference in a new issue