Security patches - policy and how-to
Nextcloud GmbH provides security patches for its customers as part of its long-term support offering. This service allows customers to run their servers securely without unscheduled downtime and to remain on a major Nextcloud Enterprise release that works for them for up to 5 years. Note that this service does not apply to the community version of Nextcloud, which only gets 8 months of updates. After 8 months, security and stability problems are no longer addressed, and running unmaintained software generally cannot be considered secure.
Generally speaking, releasing updates with security fixes increases the risk for unpatched systems as malicious actors can look through the code changes and find out what problems were fixed. Thus, for a typical server system, a clock starts ticking when a vendor releases security updates. To help our customers plan updates and decrease this risk, we provide patches and advance warnings of security updates.
In this article, we describe our security process and how security info and patches are provided and can be applied.