The following versions of OxiCloud are currently supported with security updates:
| Version | Supported |
|---|---|
| Latest | ✅ |
The OxiCloud team takes security issues seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
To report a security vulnerability, please follow these steps:
- DO NOT disclose the vulnerability publicly (e.g., in GitHub issues)
- Email details of the vulnerability to the project maintainers
- Include as much information as possible, such as:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fixes if available
After submitting a vulnerability report, you can expect the following:
- Acknowledgment: The team will acknowledge receipt of your report within 3 business days
- Assessment: We'll evaluate the vulnerability and determine its impact
- Plan: We'll develop a plan to address the vulnerability
- Fix & Release: Once fixed, we'll release an update
- Recognition: With your permission, we'll acknowledge your contribution in the release notes
- Keep your OxiCloud installation updated to the latest version
- Use strong, unique passwords for all user accounts
- Configure proper file permissions
- Regularly back up your data
- Consider running OxiCloud behind a reverse proxy with HTTPS
- Implement IP restrictions where appropriate
Thank you for helping keep OxiCloud and its users secure!