# Security Policy

## Supported versions

As of now, only the latest stable version is supported.

| Version | Supported          |
| ------- | ------------------ |
| 23. x   | :white_check_mark: |
| 22. x   | :x:                |
| 21. x   | :x:                |

Please update to the latest version available. Major migrations are always tested before being pushed.

## Automated vulnerability scanning

Uploaded images are regularly scanned for [OS vulnerabilities](https://github.com/Wonderfall/docker-nextcloud/security/code-scanning).

## Reporting a vulnerability

*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.

Regarding vulnerabilities specific to this project:
- Faulty configuration files
- Unsafe defaults
- Dependencies security updates

Those can be disclosed in private to `wonderfall@pm.me` or `wonderfall:targaryen.house` on Matrix (preferred).