mirror of
https://github.com/roundcube/roundcubemail.git
synced 2026-03-19 22:37:01 +01:00
ef3053198c
* markdownify remaining docs [skip ci] * add docs folder [skip ci] * update paths in makefile [skip ci] * futureproof docs cleanup * revert makefile changes
20 lines
1.0 KiB
Markdown
20 lines
1.0 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Check our website's [download page](https://roundcube.net/download/) to see which versions are still supported and will receive security updates.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you found a security issue or vulnerability of the software, please report it to [Nextcloud's HackerOne](https://hackerone.com/nextcloud).
|
|
|
|
Your report should include clear steps for reproduction and a classification of the found vulnerability.
|
|
|
|
If you prefer, you can also send an encrypted email message to `security [at] roundcube.net`. The [PGP key](https://roundcube.net/download/security.roundcube.net.pub)'s fingerprint is `ACFCF63232B79518E632EC4B0127B799F939816F`.
|
|
|
|
## Publishing and Credits
|
|
|
|
We're dedicated to analyze and fix the reported issues as fast a possible. Usually within days we'll have an update ready.
|
|
Together with the reporter we plan the releasing and the disclosure of the found and fixed vulnerability.
|
|
Credits to the reporter are granted and can be included in all public communication if desired.
|