Security patches - policy and how-to

Nextcloud GmbH provides security patches for its customers as part of its long term support offering. This service allows customers to run their servers in a secure way without unscheduled downtime and remain on a major Nextcloud Enterprise release that works for them for up to 5 years. Note that this service does not apply to the community version of Nextcloud, which only gets 8 months of updates. After 8 months, security and stability problems are no longer addressed and it can generally not be considered secure to run unmaintained software.

Generally speaking, releasing updates with security fixes increases the risk for unpatched systems as malicious actors can look through the code changes and find out what problems were fixed. Thus, for a typical server system, a clock starts ticking when a vendor releases security updates. To help our customers plan updates and decrease this risk, we provide patches and advance warnings of security updates.

In this article, we describe our securi


Attached Files
There are no attachments for this article.
Feedback

If you have any questions or feedback on this article, do not hesitate to contact us. We are here to help you get the most out of Nextcloud.