Only the latest non beta release version of app_api are currently being supported with security updates.
Security is very important to us. If you have discovered a security issue with Nextcloud, please read our responsible disclosure guidelines and contact us at hackerone.com/nextcloud. Your report should include:
- Product version
- A vulnerability description
- Reproduction steps
If in scope of the project a member of the security team will confirm the vulnerability, determine its impact, and develop a fix. Otherwise, the team will contact the maintainer and make sure the issue gets fixed. The fix will be applied to the main branch, tested, and packaged in the next security release. The vulnerability will be publicly announced after the release.
Finally, your name will be added to the hall of fame as a thank you from the entire Nextcloud community.
Note our threat model to know what is expected behavior.
Please visit https://nextcloud.com/security/ for further information about security.