At OpenCloud we take all security aspects in all components of the platform seriously. We appreciate your efforts to responsibly disclose your findings, and will do our very best to acknowledge your contributions.
Important
Please do not report security vulnerabilities through public GitHub issues.
If you have discovered a security matter with OpenCloud, please follow general responsible disclosure guidelines and report the problem via email to security@opencloud.eu.
Your report should include:
- Affected project component(s) and their specific versions
- A good description of the vulnerability
- Steps to reproduce the issue, incl. potentially required test data or other needed details
-
You will receive an initial acknowledgement as soon as possible.
-
After that, a member of the security team will confirm the vulnerability, determine its impact, follow-up with any questions, and coordinate the fix and publication.
-
The fix will be applied to the affected components of the project, tested, and distributed in the next security release. The vulnerability will be publicly announced after the release.
Thank you for your help!