Set up a security policy

Signed-off-by: Ruben Barkow-Kuder <github@r.z11.de>
This commit is contained in:
Ruben Barkow 2019-12-22 21:21:18 +01:00 committed by Ruben Barkow-Kuder
parent 1c8730df12
commit be506f7b29
No known key found for this signature in database
GPG Key ID: 8BCC811299DBC5DF
3 changed files with 27 additions and 0 deletions

25
SECURITY.md Normal file
View File

@ -0,0 +1,25 @@
# Security Policy
## Supported Versions
The latest three major release versions of Nextcloud are currently being supported with security updates.
Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details.
## Reporting a Vulnerability
Security is very important to us. If you have discovered a security issue with Nextcloud,
please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
Your report should include:
- Product version
- A vulnerability description
- Reproduction steps
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
The fix will be applied to the master branch, tested, and packaged in the next security release.
The vulnerability will be publicly announced after the release. Finally, your name will be added
to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our
[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior.
Please visit https://nextcloud.com/security/ for further information about security.

View File

@ -44,6 +44,7 @@ package: clean build-js-production
--exclude=/CONTRIBUTING.md \
--exclude=/issue_template.md \
--exclude=/README.md \
--exclude=/SECURITY.md \
--exclude=/.gitignore \
--exclude=/.scrutinizer.yml \
--exclude=/.travis.yml \

View File

@ -73,6 +73,7 @@ $expectedFiles = [
'remote.php',
'resources',
'robots.txt',
'SECURITY.md',
'status.php',
'tests',
'themes',