If you discover a security vulnerability in the draw.io Nextcloud integration, please report it responsibly by opening a private security advisory on GitHub.

Please do not open a public issue for security vulnerabilities.

This policy covers the Nextcloud integration code in this repository (PHP backend, JavaScript frontend, configuration handling). The draw.io editor itself is maintained separately at jgraph/drawio — please report draw.io editor vulnerabilities there.

This repository is not covered by the JGraph SOC 2 process. We do not provide commercial services or support for this app.