From 0ded3ad2b20ed0c239a5047960f42e5453b658e0 Mon Sep 17 00:00:00 2001 From: Josh Richards Date: Fri, 20 Oct 2023 09:03:59 -0400 Subject: [PATCH] Apply suggestions Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Josh Richards --- SECURITY.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index eea4d06e09d..06a96aac037 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -11,7 +11,6 @@ Please review our [threat model and accepted risks](https://nextcloud.com/securi is currently considered a security vulnerability versus expected behavior. And review what is considered [in scope or bounty eligible](https://hackerone.com/nextcloud/policy_scopes). -You can expect a response within 24 hours in most cases. ## Reporting a Vulnerability @@ -33,9 +32,9 @@ Your report should include: You should receive an initial acknowledgement within 24 hours in most cases. A member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions, -and coordinate a fix. +and coordinate the fix and publication. -The fix will be applied to the `master` branch, tested, and packaged in the next security release. +The fix will be applied to all applicable and still supported stable branches, tested, and packaged in the next security release. The vulnerability will be publicly announced after the release. Finally, your name will be added to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. 
@@ -47,13 +46,13 @@ on past bounty ranges can be found at [hackerone.com/nextcloud](https://hackeron ## Existing Security Advisories -Past advisories can be viewed at +Published security advisories for the Nextcloud Server, Clients and Apps can be viewed at [https://github.com/nextcloud/security-advisories/security/advisories](https://github.com/nextcloud/security-advisories/security/advisories ). ## Supported Versions -The latest three major release versions of Nextcloud are currently being supported with security updates. +Nextcloud Server major release versions are being supported with security updates for 1 year after their initial release. Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details. ## Additional Information
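Review bot: In the `@@ -33,9 +32,9 @@` hunk, the sentence that replaces the `master` wording names only "all applicable and still supported stable branches", so it no longer says whether the fix also lands on the development branch. If it does, say so explicitly, for example "applied to `master` and backported to all affected and still supported stable branches". In the unchanged context line just above, "follow-up with any questions" uses the noun form where the verb "follow up" is meant; it could be fixed while this paragraph is being touched.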
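Review bot: In the `@@ -47,13 +46,13 @@` hunk, the new Supported Versions sentence covers only "Nextcloud Server major release versions", while the advisories sentence added in the same hunk names "Server, Clients and Apps", so a reporter cannot tell from this file which client or app versions receive security updates. Either state that policy or say that this section applies to the server only. The schedule reference is also a bare URL ("Please visit https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule for further details."), where the other links visible in this patch use the `[text](url)` form; a labelled link would match.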