If you discover a security vulnerability in any Conduction Nextcloud app, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at: security@conduction.nl
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
- Acknowledgement: Within 48 hours of receiving your report
- Initial assessment: Within 1 week
- Fix and disclosure: We aim to resolve critical vulnerabilities within 30 days
We provide security updates for the latest stable release of each app. Older versions may not receive security patches.
This security policy applies to all repositories under the ConductionNL organization.
We appreciate responsible disclosure and will credit reporters (with permission) in our release notes.