No OneTemporary
Actions

Authored By

Unknown

Size

1 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/SECURITY.md b/SECURITY.md
	index adad867ae..aa0338df1 100644
	--- a/SECURITY.md
	+++ b/SECURITY.md
	@@ -1,18 +1,19 @@
	# Security Policy

	## Supported Versions

	Check our website's [download page](https://roundcube.net/download/) to see which versions are still supported and will receive security updates.

	## Reporting a Vulnerability

	-If you found a security issue or vulnerability of the software, please report with direct and encrypted email to thomas[at]roundcube.net
	-and alec[at]alec.pl. You can find the according PGP public keys on the major public keyservers like [pgp.key-server.io](https://pgp.key-server.io).
	+If you found a security issue or vulnerability of the software, please report it to [Nextcloud's HackerOne](https://hackerone.com/nextcloud).

	Your report should include clear steps for reproduction and a classification of the found vulnerability.

	+If you prefer, you can also send an encrypted email message to `security [at] roundcube.net`. The [PGP key](https://roundcube.net/download/security.roundcube.net.pub)'s fingerprint is `ACFCF63232B79518E632EC4B0127B799F939816F`.
	+
	## Publishing and Credits

	We're dedicated to analyze and fix the reported issues as fast a possible. Usually within days we'll have an update ready.
	Together with the reporter we plan the releasing and the disclosure of the found and fixed vulnerability.
	Credits to the reporter are granted and can be included in all public communication if desired.