# Security Policy

## Supported versions

All versions of the Nextcloud community version which still receive updates will be supported 
and will receive the minor version updates and security patches.

| Version | Supported          |
| ------- | ------------------ |
| 24. x   | :white_check_mark: |
| 23. x   | :white_check_mark: |
| 22. x   | :white_check_mark: |

Please update to the latest version available. Major migrations are always tested before being pushed.

## Automated vulnerability scanning

Uploaded images are regularly scanned for [OS vulnerabilities](https://github.com/Wonderfall/docker-nextcloud/security/code-scanning).

## Reporting a vulnerability

*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.

Regarding vulnerabilities specific to this project:
- Faulty configuration files
- Unsafe defaults
- Dependencies security updates

Those can be disclosed in private to `dev@hoellen.eu`.