There is far more going on with an app like Nextcloud than just SSL stating that a check with ssllabs in anyway validates anything but basic security.
With all the Libs, apps and code any version is highly likely to contain exploits, or at least exploits to be found.
I am not sure if making the version number available is a good idea at all, opensource is about choice and choice of version you run, choice of what sources you make available and choice over what is publicly on show.
Forced obsolescence and shaming are not about choice and not what Opensource in my books is really about.
I jumped on the Nextcloud bandwagon because I was really pleased to see some of my previous reservations about Owncloud seem to be dispelled.
I am starting to get worried again, as for me there does some to be some very strange and dubious decisions being made that don’t fit my vision of efficient user led software development and the benefits of the crowd.
I have used various OpenSource platforms and scanning and being targeted is common, happens on Wordpress, Joomla, Oxwall… Depends on the plugins, some plugins deliberately advertise your site, so Nextcloud is not alone.
Security through obscurity in terms of not publicly bearing all on the internet of what you are and what you use for a vast number of Nextcloud users who do very much fit into the category of (Too small, No profit to attack / hack, not worth the effort) and also less technically competent to have rapid version upgrading and updating.
You don’t sell support by telling the internet the versions being run by users, WTF!
This could be an option and by default it should be off.