2021-06-13 14:39:33 +02:00
|
|
|
# Security Policy
|
|
|
|
|
|
2022-03-15 18:38:36 +01:00
|
|
|
## Supported versions
|
2021-06-13 14:39:33 +02:00
|
|
|
|
2022-05-05 21:56:17 +02:00
|
|
|
All versions of the Nextcloud community version which still receive updates will be supported
|
|
|
|
|
and will receive the minor version updates and security patches.
|
2021-06-13 14:39:33 +02:00
|
|
|
|
|
|
|
|
| Version | Supported |
|
|
|
|
|
| ------- | ------------------ |
|
2023-01-11 09:45:55 +01:00
|
|
|
| 25. x | :white_check_mark: |
|
2022-05-05 21:56:17 +02:00
|
|
|
| 24. x | :white_check_mark: |
|
2023-01-11 09:45:55 +01:00
|
|
|
| 23. x | :negative_squared_cross_mark: |
|
|
|
|
|
| 22. x | :negative_squared_cross_mark: |
|
2021-06-13 14:39:33 +02:00
|
|
|
|
2022-03-15 18:38:36 +01:00
|
|
|
Please update to the latest version available. Major migrations are always tested before being pushed.
|
|
|
|
|
|
|
|
|
|
## Automated vulnerability scanning
|
|
|
|
|
|
|
|
|
|
Uploaded images are regularly scanned for [OS vulnerabilities](https://github.com/Wonderfall/docker-nextcloud/security/code-scanning).
|
|
|
|
|
|
|
|
|
|
## Reporting a vulnerability
|
2021-06-13 14:39:33 +02:00
|
|
|
|
|
|
|
|
*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.
|
|
|
|
|
|
|
|
|
|
Regarding vulnerabilities specific to this project:
|
|
|
|
|
- Faulty configuration files
|
|
|
|
|
- Unsafe defaults
|
|
|
|
|
- Dependencies security updates
|
|
|
|
|
|
2022-05-05 21:56:17 +02:00
|
|
|
Those can be disclosed in private to `dev@hoellen.eu`.
|
