Please do not report vulnerabilities using the issue queue. Instead, please email sysadmins at inveniem dot com if you believe you have found a vulnerability in the way that our Docker images are packaged or configured.

If you believe you have found a vulnerability in Nextcloud itself, please do not report your issue to us. Instead, report it through Nextcloud's own system at https://hackerone.com/nextcloud.

We will respond to any vulnerability reported within 48 hours. Our response will provide an update on how quickly we believe we can commit to fixing the issue you have reported.