Nextcloud security
Security in Nextcloud
Nextcloud is designed to offer the best security in the on premise content collaboration industry. Read more about the security features and our development process.
Report
a security issue
If you have discovered a security issue with Nextcloud, please read our responsible
disclosure guidelines and contact us at hackerone.com/nextcloud.
Your report should include:
Product version
A vulnerability description
Reproduction steps
What happens next
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
The fix will be applied to the master branch, tested, and packaged in the next security release.
The vulnerability will be publicly announced after the release.
Finally, your name will be added to the hall of fame as a thank you from the entire Nextcloud community.
Read our threat model to know what is expected behavior.
PGP Key for Submissions
In order to facilitate secure submission of security issues,
we provide the following PGP key for confidential submission:
Key ID
A724937A
Fingerprint
2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A
We do however recommend to not encrypt the information submitted
via HackerOne as only a small subset of the team has access to this key.
Guidelines
Responsible disclosure
guidelines
The Nextcloud community kindly requests that you comply with the following guidelines when researching and reporting security vulnerabilities:
- Only test for vulnerabilities on your own install of Nextcloud Server
- Confirm the vulnerability applies to a supported product version
- Share vulnerabilities in detail only with the security team
- Allow reasonable time for a response from the security team
- Do not publish information related to the vulnerability until Nextcloud has made an announcement to the community
Get started now
Reduce compliance risks, improve internal collaboration and reduce
operational expenses with the leading content collaboration platform.
Contact us now to learn how Nextcloud can help you!
Supported Product Versions
Nextcloud Server
- 30.0.0 (latest release)
- 29.0.x
- 28.0.x
You will find our Maintenance and Release Schedule on GitHub. Please have a close look into the End of Life-section. Note that the Github page has the authoritative list of supported releases – the list above is manually maintained and thus occasionally outdated.
If you want to continue to use versions, which reached their End of Life, please contact Nextcloud sales to get access to our Long Term Support offering.