Security

Security Advisories  |  Hall of Fame

Security information

This page hosts our security policies and information with regards to reporting security flaws. You can follow our advisories via RSS.

For server owners, our documentation has a section with best practices and tips on securing an ownCloud server.

If you’ve discovered a security issue with ownCloud, please read our responsible disclosure guidelines and contact us at https://hackerone.com/owncloud. Your report should include:

A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. The fix will be applied to the master branch, tested, and packaged in the next security release. The vulnerability will be publicly announced after the release. Finally, your name will be added to the hall of fame as a thank you from the entire ownCloud community.

PGP Key for Submissions
In order to facilitate secure submission of security issues, we provide the following PGP key for confidential submission:

Note: Make sure to not disclose details in the subject, as it will not be encrypted!

Responsible Disclosure Guidelines

The ownCloud community kindly requests that you comply with the following guidelines when researching and reporting security vulnerabilities:

Out of scope

Usually, the following types of bugs are out of scope from our security program:

Supported Product Versions

ownCloud Server:

ownCloud Desktop Client:

Third-party apps

Vulnerabilities in third-party applications should also be reported to the security team. The security team is not responsible for the security of these apps, but will attempt to contact the 3rd party app maintainer and then take proper actions.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close