# Security Policy ## Supported versions All versions of the Nextcloud community version which still receive updates will be supported and will receive the minor version updates and security patches. | Version | Supported | | ------- | ------------------ | | 28. x | :white_check_mark: | | 27. x | :white_check_mark: | | 26. x | :negative_squared_cross_mark: | | 25. x | :negative_squared_cross_mark: | | 24. x | :negative_squared_cross_mark: | | 23. x | :negative_squared_cross_mark: | | 22. x | :negative_squared_cross_mark: | Please update to the latest version available. Major migrations are always tested before being pushed. An up-to-date list of the currently maintained Nextcloud versions can also be found in the [Nextcloud Repository Wiki](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule). ## Automated vulnerability scanning Uploaded images are regularly scanned for [OS vulnerabilities](https://github.com/Wonderfall/docker-nextcloud/security/code-scanning). ## Reporting a vulnerability *Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies. Regarding vulnerabilities specific to this project: - Faulty configuration files - Unsafe defaults - Dependencies security updates Those can be disclosed in private to `dev@hoellen.eu`.