@Paradox551 and @Boki4d, I understand the need to delay disclosure. But I stand by what I said: Nextcloud should have said, “Please see our security release process. We’ll disclose more later.” (@keresztg agrees.)
That’s what @Jospoortvliet said after two days of discussion and concern. I think it should have been in the original announcement.