Release Notes
Dear ownCloud Server administrator, find below the changes and known issues in ownCloud Server that need your attention.
- Changes in 10.15.0
- Changes in 10.14.0
- Changes in 10.13.4
- Changes in 10.13.3
- Changes in 10.13.1
- Changes in 10.13.0
- Changes in 10.12.2
- Changes in 10.12.1
- Changes in 10.12.0
- Changes in 10.11.0
- Changes in 10.10.0
- Changes in 10.9.1
- Changes in 10.9.0
- Changes in 10.8.0
- Changes in 10.7.0
- Changes in 10.6.0
- Changes in 10.5.0
- Changes in 10.4.1
- Changes in 10.4.0
- Changes in 10.3.2
- Changes in 10.3.1
- Changes in 10.3.0
- Changes in 10.2.1
- Changes in 10.2.0
- Changes in 10.1.1
- Changes in 10.1.0
- Changes in 10.0.10
- Changes in 10.0.9
- Changes in 10.0.8
- Changes in 10.0.7
- Changes in 10.0.6
- Changes in 10.0.5
- Changes in 10.0.4
- Changes in 10.0.3
- Changes in 10.0.1
- Changes in 10.0.0
- Changes in 9.1
- Changes in 9.0
- Changes in 8.2
- Changes in 8.1
- Changes in 8.0
- Changes in 7.0
Changes in 10.15.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.15.0 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
New Feature Telemetry Reporting for Enterprise Customers
Servers with a license key installed will send daily telemetry reports unless opted out. See direct customer communication, the telemetry brief and our general privacy policy for details. configreport/#197
Fix Wrong Logic When 'allow_user_mounting' is Initially Undefined
On a freshly installed system, the checkbox '[ ] Allow users to mount external storage' is not set, implying 'no'. The code handled this as 'yes' until the admin once selected and unselected the checkbox. #41271
Allow Users to Only Update Own External Storage Configurations
Prevent users from changing external storage configurations not belonging to them. #41225
Verify Link in Public Link Notification OCS Share API
The frontend is generating the URL to the public link share and submitting it to the server via the OCS Share API. Via the pure usage of this API any URL could be sent out to any email address (as long as being logged in). This change adds some hardening and validates that the URL is pointing to one of the configured trusted domains. #41214
Sanitize SVG
For the purpose of hardening SVG support, xlink:href
as well as other ìmage
tags will now be completely blocked. #41234
Remove IoC Scanner Instructions
IoC scanner instructions, firstly introduced in 10.13.4 and which were displayed during upgrade (console as well as Web Updater) and in the admin settings, have been now completely removed. #41260
Fail Fast on Unresponsive Remote Servers
If a remote/federated server is not responding the share will not be added and any request will now fail faster. Additionally, the checks for reachability now include the port number. #41210 #41237
Handle no Longer Existing Users in Preview Cleanup
A deleted user can still have previews in the database (mainly because the final delete job did not complete yet). Such users are no longer being processed so that no exceptions will be generated by the preview cleanup job. #41247
No Update Check If Not Connected to the Internet
If an ownCloud instance is not connected to the internet there is no need for polling for updates in the update notification app. #41262
Remove Logic for Internet Explorer 11 Compatibility
Internet Explorer 11 deprecation was already announced in version 10.13.0. Now JavaScript Internet Explorer 11-compatible logic has been completely removed. #41107
Default Value of preview_max_dimensions
Is Now 6016x6016
The config.php option preview_max_dimensions
which is being used to define the maximum dimensions of the original image for preview generation now defaults to 6016x6016. This allows processing of 4K portrait images by default. #41263
Disallow HTTP API Requests for User External Storages When Disabled
The admin UI setting 'Allow users to mount external storage' now also controls if requests into the files_external API are allowed. https://github.com/owncloud/core/pull/41250
Updated App Versions
Find below a list of updated apps in comparison with the 10.14.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Config Report: 0.3.0
-
Custom Groups: 0.9.1
-
Diagnostics: 0.2.1
-
Document Classification: 1.5.2
-
External Storage: Dropbox: 2.0.2
-
Market: 0.9.0
-
OpenID Connect: 2.3.0
-
Updater: 1.1.1
Known Issues
Currently there are no known issues with ownCloud Server 10.15.0. This section will be updated if issues are discovered.
Changes in 10.14.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.14.0 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
When upgrading from ownCloud Server 10.14.0, the following migrations will run as part of the upgrade procedure:
-
A migration step takes care of disabling the Template Editor app, if enabled (see below). This step is expected to be quick and should not impact upgrade duration significantly. #41168
-
A migration step takes care of setting oc_file_locks.id to bigint (see below). This step is expected to be quick and should not impact upgrade duration significantly. #41158
Log.conditions With shared_secret
Shall not Break File Uploads
Any file upload (or PUT request in general) could have caused a 500/Internal Server Error due to wrong usage of the request object. This is now fixed. #41044
Create Previews from First Page
On multi-page documents (doc, odt, pdf, etc.) the preview will now be generated from the first page and no longer from the last page. #41045
Fix Expiration Date and Eliminate Duplicate Entries in File List
We have addressed two visual issues in the Web UI file list. Firstly, the problem where the start of the epoch was mistakenly displayed as an expiration date in the shared file list has been resolved. Secondly, we have tackled the bug causing duplicate entries to appear when switching between shared tabs and clicking on a file list entry. #41056
LDAP Groups Will be Properly Applied to External Storages
The admin can setup external storages to be used by specific users and groups. When a LDAP group was setup, there were some issues so users belonging to that group weren’t able to access the external storage even though they should. Now, users belonging to LDAP groups can access external storages configured to be accessed by those groups. #41063
Disallow Browsers to Translate the Frontend
Web frontend offers a lot of proper translations. Browser capabilities are not needed. #41067
Limit Performance Impact when Version Metadata is Enabled
Negative performance impact when file_storage.save_version_metadata
is enabled has been resolved. #41069
Proper Error Handling when Deleting Users or Groups
In case of an error when deleting a user or a group no proper feedback was given to the user. This is now fixed. #41077
Account Terms Can be Removed if They Differ From the Ones Stored
Search terms for the account can now be removed from the DB if they differ from the ones stored in the DB. This can happen with the user_ldap app, when user search attributes are removed from the connection configuration in the LDAP wizard. #41120
Add Compatibility for richdocuments.document.index Route
Because of a change first introduced in richdocuments 4.1.0, it was necessary to add compatibility for the richdocuments.document.index route. #41161
Decommission of Template Editor App
App has been deprecated and themes should be rather used to change mail templates. #41168
The user:list -a
occ Command now Correctly Displays the User’s Creation Time
Previously, the user:list -a
occ command was not correctly returning the user’s creation time but rather the path to the user’s home directory. This has been now fixed. #41125
Set oc_file_locks.id to bigint
In rare cases, the id column in the file_locks table could hit its limit (defined as int(10) unsigned) as it is set as autoincrement. This is now set to bigint. #41158
Store User Information in Explicit Variable
Before user information was stored in the browser global object. In some rare cases browsers seemed to loose data stored in the global object. This is fixed now. #41054
No Activities on Rejected Shares
As soon as a user has rejected a share no activities within this share are now reported via the activity app. #41078
CalDAV Query Where the Time Range Is not Given
Outlook CalDAV plugin is sending false
as time range which no longer results in a crash. #41050
Image Dimension Validation on Avatar Upload
For avatar generation we now do not accept images exceeding specific dimensions (4k - 4096×2160). #41175
Max Image Dimensions for Preview Generation are Now Configurable
For preview generation it is now possible to define the maximum dimensions of the original image by using config.php options. Note that images bigger than the defined dimensions will not be processed. Default is 6016x4000, which corresponds to 24 MP. Please refer to preview_max_dimensions
in config.sample.php for more details. #41193
Replace the isAdmin Implementation
Instead of asking the backends for the groups a user belongs to, we now get the admin group and list the members to detect if user is admin or not. #41171
Fix Log Exceptions for mp3 Previews
Log exceptions for mp3 files previews are no longer generated. #41153
Notable Changes
Updated App Versions
Find below a list of updated apps in comparison with the 10.13.4 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Custom Groups: 0.9.0
-
Document Classification: 1.5.1
-
File Lifecycle Management: 1.3.5
-
PDF Viewer: 1.0.2
-
Guests: 0.12.4
-
Impersonate: 0.6.0
-
Mail Template Editor: 0.5.0
-
LDAP Integration: 0.19.0
Known Issues
Currently there are no known issues with ownCloud Server 10.14.0. This section will be updated if issues are discovered.
Changes in 10.13.4
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.13.4 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Show Alert about IoC Scanner to All Customers on Upgrade
We now display IoC scanner instructions to all customers (a valid license key needs to be present) during upgrade (console as well as Web Updater) and in the admin settings. #41137
Background: The Indicators of Compromise (IoC) tool plays a vital role in identifying potential security threats or breaches. The tool analyzes your ownCloud 10 deployments and determines whether they have possibly been compromised via the known vulnerabilities. It collects information from the Apache logs and identifies the signatures of potential exploits. Please note, the tool has to be run on ALL ownCloud servers in case of a clustered setup!
2FA Check on Controllers Which Are Annotated as @PublicPage and Also Authenticated
Some controllers define methods which are publicly accessible and accessible for authenticated users at the same time. In such situations the 2FA handling was bypassed because of the @PublicPage annotation. We now check 2FA on controllers which are publicly accessible and authenticated. #41123
Known Issues
Since we reverted #41014, upon removing a mountpoint configuration from the web UI, the occ command files:remove-storage
is currently not able to properly find the candidates to delete in case shares have been created for files/folders located on those mountpoints.
Changes in 10.13.3
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.13.3 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Fix Potential Issue with the Preview Cleanup Job in PostgreSQL
One of the filters of the preview cleanup job requires casting a filename, which is supposed to contain only digits, to an integer. The expected execution of the DB query should filter the results so the condition above should be true, but the DB’s query planner might choose to apply the filters in a different way, so we could potentially cast random strings to integer. In the case of PostgreSQL, the cast function will cause an error if the string can’t be cast to an integer (because it has non-digit chars, for example). This situation is fixed for all the supported DBs, so we don’t require the query planner to execute the query in any particular way. #41051
Revert [#41014] for Performance
The #41014 PR introduced performance problems for large installations. We are therefore reverting that change. #41059
Users Can Only Delete Their Own External Storage Configurations
Ensure that users can only delete their own external storage configurations. #41092
Update config.apps.sample.php
Comments describing the configuration variables related to the Kerberos and Windows Network Drive app are now updated and in sync with published online documentation. #41109
Updated App Versions
Find below a list of updated apps in comparison with the 10.13.2 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Custom Groups: 0.8.0
-
Kerberos Integration: 1.0.1
-
S3 Primary Object Storage: 1.6.0
-
Text Editor: 2.6.1
-
Password Policy: 2.2.1
Known Issues
Since we reverted #41014, upon removing a mount point configuration from the web UI, the occ command files:remove-storage
is currently not able to properly find the candidates to delete in case shares have been created for files/folders located on those mountpoints.
Changes in 10.13.2
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.13.2 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Fix View on Users Page for Subadmins
Previously, subadmins couldn’t read app config values. This caused problems in the users page because some of the functionalities were depending on the config values that subadmins couldn’t read. These problems are now solved. #40961
Delete All Files from Object Storage When User Is Deleted
In previous versions when a user was deleted, files belonging to this user were not correctly removed from the object storage (s3) and were therefore left as remnants, unnecessarily using up space. This has been corrected and files are now properly removed. #40959
Remove "Fill ETags" Repair Step
The legacy "OC\Repair\FillETags" repair step, executed during upgrades, had prolonged execution times without delivering any further repairs. For this reason, the repair step has now been removed. #40996
Allow Media Viewer App to Work with HEIC and HEIF Formats
We removed the regular expression related to HEIC and HEIF files from the preview manager list as this was preventing the files_mediaviewer app from correctly interpreting these mime types. The app is now able to open such files. #40990
Prevent mounting of shares with failed underlying storages
Some mounts use a shared storage which is pointing to a different storage. In case the underlying storage was removed (removal of the external mount from the web UI), the share mount was still being present as if the underlying storage could still be accessed. This was causing problems with the "files:remove-storage --show-candidates" occ command because the removed storage wasn’t shown as a possible candidate. Now that shared storage won’t be mounted and the underlying storage will be detected as a candidate to be removed with the mentioned command. #41014
Check if Account Creation Time Exists for Migrations
In some rare scenarios it could have happened that the migration responsible for adding the creation time in the oc_accounts table was not correctly inserted into the oc_migrations one with the consequence that it was reattempted i.e., when upgrading apps, even if the column was already present. This has been fixed. #40991
Solved Known Issues
All known issues in Server 10.13.1 have been fixed:
-
The database query used to identify the previews that need cleaning up has been enhanced for optimal performance. As a result, the background job responsible for this task will have significant performance improvements. #40974
Updated App Versions
Find below a list of updated apps in comparison with the 10.13.1 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Microsoft Office Online: 1.8.1
Known Issues
There is a performance impact related to certain external storage mounts in ownCloud Server 10.13.2. Possible workaround: Revert via diff
Changes in 10.13.1
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.13.1 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Open in Web Improvements
The "Open in Web" feature for direct editing of office documents now properly works on iOS and Desktop clients with Collabora. #40958
Avoid Loading 3rd-party Resources
The "Open in Web" configuration offers icons to be shown in the clients. This is e.g., used by the iOS 12.0.3 client. We now ship the icons embedded in core. #40953
Notable Changes
-
Fix: disallow pre-signed url access if the signing key is not initialized. #40962
-
New code was added to dismiss invalid settings of the redirection endpoint URI as seen in the OAuth2 protocol, according to RFC#7636. oauth2#349
Updated App Versions
Find below a list of updated apps in comparison with the 10.13.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
https://marketplace.owncloud.com/apps/graphapi [Graph API]: v0.3.1
-
https://marketplace.owncloud.com/apps/guests [Guests]: 0.12.3
-
https://marketplace.owncloud.com/apps/oauth2 [OAuth2]: v0.6.1
Known Issues
-
Two cron jobs related to cleaning up left over thumbnails were not properly enabled in the past (
PreviewCleanupJob
). In 10.13.0 the code was fixed, and the jobs started running. However, in certain cases with an exceptionally high number of potential cleanups, these jobs can now take up a substantial amount of database resources. We propose to temporarily disable the offending job until we have a fix.
Changes in 10.13.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.13.0 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Internet Explorer 11 Deprecation Note
Internet Explorer 11 support will be dropped in the next server release.
Update Symfony from 4.4.* to 5.4.*
Symfony framework has been updated to LTS major version 5.4. This also affected a number of apps which required a new release and have been now included in the complete bundle.
Drop Setup of User Key Encryption
User key encryption has already been deprecated in core versions later than 10.7. For this reason, the command line interface and web UI to enable user key encryption are no longer available. If you are operating an ownCloud installation with user key encryption enabled, please get in contact with support@owncloud.com to plan a migration to master key encryption. encryption#389
User Key Encryption Is No Longer Auto-Enabled
Executing the encryption:encrypt-all
occ command will no longer auto-enable user key encryption. #40702
Added occ Command to Remove Obsolete Storages
Metadata coming from storages is stored in the database. Previously, when a storage has been removed from ownCloud, metadata remained in the DB. The new occ command allows removing that stored metadata, reducing the amount of space used by the DB as well as slightly improving the performance since there will be fewer entries. #40779
Enforce 2-Factor Authentication
2-factor authentication can be enforced now. The feature requires at least one app implementing 2-factor authentication, otherwise no enforcement will be done. If 2-factor authentication is enforced, all users will be required to use a 2-factor authentication app. Some specific groups selected by the admin can be excluded to let those users bypass 2-factor authentication. #40830
Setting up Federation Sharing over the Web UI Can Use Trusted Servers Again
After an update of the guzzle library in previous core versions, it was no longer possible to set up new trusted server relations for federated sharing over the Web UI because of the wrong format used during the token exchange phase. We now explicitly set the format to be json so that the exchange is correctly done. #40815
Add Commands to Handle Trusted Servers from the Command Line
New occ commands have been added to handle the trusted servers for federation from the command line. These commands will allow the admin to add, list and remove trusted servers. #40796
Implement App Registry
By using a new option Open in..
in the iOS (version 12.0.3+) or Desktop client (version 4.0+) it is now possible to directly open a file in the Office Suite being installed on the ownCloud server. #40843
Skip share_folder
for Guest Users
When the share_folder
config.php option was set, guest users could no longer see their received shares. We now skip the share_folder
config.php option for guest users and default to root. #40864
Apply Same Restrictions for All the Shares
Remote shares will have the same restrictions as user and group shares. This means that, in order for a remote user to show up as sharee, the search term length must be greater than the minimum configured otherwise only exact matches will be shown. #40885
Clean up Storage and Database After Failed File Uploads
Storage and database are now cleaned up of any remaining items if a file upload fails. #40892
Bump Files App Version
The files app version was not properly increased when the OCA\Files\BackgroundJob\CleanupPersistentFileLock
and OCA\Files\BackgroundJob\PreviewCleanupJob
background jobs were originally added. As a result, those two jobs were not correctly inserted into the oc_jobs
table upon a core upgrade. First time installations are not affected as their jobs are correctly added. #40878
Explicitly Set Open Mode in the Checksum Wrapper
Uploading files to some external storages via the desktop client was causing issues due to the checksum wrapper. We are using additional wrappers and the mode wasn’t being detected correctly in some cases. Using the right mode in the checksum wrapper was required in order to decide whether we should have discarded the final checksum or not; in this case, the checksum was being discarded so it was causing a checksum mismatch. Now the open mode in the checksum wrapper is set explicitly. #40832
Align to New accounts.google.com Authorization URI
Core 10.12.1 brought an update of the google/apiclient from version 2.12.6 to 2.13.1. However, in version 2.13.0 the accounts.google.com authorization URI has been updated. This change broke old code that uses the setApprovalPrompt('force')
instead of the newer setPrompt('consent')
method, as this endpoint does not support the legacy approval prompt parameter. This has been now fixed. #40783
Fix for Query Unnecessarily Deleting Thumbnails
Fixed query that detects unused thumbnails to prevent unnecessary deletes and potential recreations. #40801
Automatically Disable Online Updater for Enterprise
Online updater is not recommended for Enterprise installations and is now automatically disabled in such cases. #40841
Versions Expire Job No Longer Reports an Error with Federated Shares
The versions expire job does not report errors anymore with federated shares when versioning metadata is enabled. #40847
Display and delete invalid background jobs
Background jobs can be no longer valid because they are from an old version of an app, or from an app that has been disabled. These jobs can now be listed with the command occ background:queue:status --display-invalid-jobs
and can be deleted with the command occ background:queue:delete <Job ID>
. #40846
Rely on Server to Sort the User List
Previously, the user list was sorted in the browser. This was causing confusion because the sorting happened without taking into account all the items, so there were some weird effects. There is no sorting in the browser now. The server is expected to return the list of users already sorted, so the browser just needs to show the list. #40840
Remove the add group
Button from the Dropdowns in the Users Page
The add group
button has been removed from the dropdowns because the behavior was confusing. You can still create new groups in the users page by using the add group
button in the top left corner of the users page. The dropdowns will only select existing groups, but they won’t add new groups. #40770
Require firebase/php-jwt in Core
firebase/php-jwt version 6 is now part of core and all apps can rely on it. #40901
New Default Minimum Supported Desktop Client Version
To ensure clean and reliable operation of the ownCloud platform it is important to stay up-to-date with the latest releases of the server as well as the clients. To take care of compatibility between the server and desktop clients, the minimum version the server will accept connections from has been raised to version 3.2.1
.
While it’s recommended to keep up with later versions, this is the new default value. #40876
Notable Changes
-
Setup checks now allow values other than
none
for X-Robots-Tag header. Ifnone
ornoindex
andnofollow
are missing, a security warning is raised. Previously a header value withnoindex
andnofollow
wasn’t allowed even though it was valid. #40715 -
The
Last Login
column on the Users page is now correctly hidden if the setting is initially unchecked. #40771 -
User input is validated now in UserController. #40769
-
A system tag with a too long name resulted in potentially inaccessible data. #40804
-
A federated share with a too long name resulted in inaccessible data. #40726
-
Due to Apache rewrite rules originally not existing headers could hold an empty string. #40856
-
Verbose command output of
background:queue:execute
is now displayed. #40844 -
There have been rare cases where deleting a file from a Google Drive mount could have thrown an undefined variable error. Since the process completed without further issues, no errors should have been thrown. This fix initializes the variables for these cases properly, making the error go away. #40822
-
Some occ commands could have returned an invalid exit status when executed. This has been corrected and occ commands will now always return an integer exit status. Zero (0) is success, any other value indicates a problem. #40793
-
Do not correct parent folders if the target isn’t fully scanned. #40730
-
Trying to connect an external WebDAV storage to a non-WebDAV server will now fail when trying to initiate the first connection. This prevents connecting to an invalid server, and thus prevents problems for users. #40861
-
We have added an
if-statement
in the ShareesController code of the files_sharing app that searches for remote sharees. When thesciencemesh
app is installed, it will be used instead of the federatedfilesharing app to find sharee matches for OCM sharing. #40886 -
Changed the share dropdown to expand to the page bottom if there are more entries. #40873
Updated App Versions
Find below a list of updated apps in comparison with the 10.12.2 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
https://marketplace.owncloud.com/apps/activity [Activity] 2.7.2
-
https://marketplace.owncloud.com/apps/admin_audit [Auditing] 2.1.4
-
https://github.com/owncloud/configreport/releases [ConfigReport] 0.2.2
-
https://marketplace.owncloud.com/apps/customgroups [Custom Groups] 0.7.2
-
https://marketplace.owncloud.com/apps/diagnostics [Diagnostics] 0.2.0
-
https://marketplace.owncloud.com/apps/drawio [Drawio] 1.0.1
-
https://github.com/owncloud/encryption/releases [Default encryption module] 1.6.1
-
https://marketplace.owncloud.com/apps/files_antivirus [Anti-Virus] 1.2.2
-
https://marketplace.owncloud.com/apps/files_classifier [Document Classification] 1.4.0
-
https://marketplace.owncloud.com/apps/files_lifecycle [File Lifecycle Management] 1.3.4
-
https://marketplace.owncloud.com/apps/files_primary_s3 [S3 Primary Object Storage] 1.5.0
-
https://marketplace.owncloud.com/apps/files_texteditor [Text Editor] 2.6.0
-
https://github.com/owncloud/firstrunwizard/releases [First run wizard] 1.3.0
-
https://marketplace.owncloud.com/apps/impersonate [Impersonate] 0.5.3
-
https://marketplace.owncloud.com/apps/kerberos [Kerberos Integration] 1.0.0
-
https://marketplace.owncloud.com/apps/market [Market] 0.8.0
-
https://marketplace.owncloud.com/apps/metrics [Metrics] 1.4.0
-
https://github.com/owncloud/notifications/releases [Notifications] 0.6.0
-
https://marketplace.owncloud.com/apps/oauth2 [OAuth2] 0.6.0
-
https://marketplace.owncloud.com/apps/password_policy [Password Policy] 2.2.0
-
https://marketplace.owncloud.com/apps/ransomware_protection [Ransomware Protection] 1.7.0
-
https://github.com/owncloud/updater/releases [Updater] 1.1.0
-
https://marketplace.owncloud.com/apps/user_ldap [LDAP Integration] 0.18.0
-
https://marketplace.owncloud.com/apps/user_shibboleth [SAML/SSO Integration] 3.6.0
-
https://marketplace.owncloud.com/apps/web [Web] 7.0.3
-
https://marketplace.owncloud.com/apps/windows_network_drive [External Storage: Windows Network Drives] 2.3.1
-
https://marketplace.owncloud.com/apps/wopi [Microsoft Office Online] 1.7.0
-
https://marketplace.owncloud.com/apps/workflow [Workflows] 0.6.0
Known Issues
Currently there are no known issues with ownCloud Server 10.13.0. This section will be updated if issues are discovered.
Changes in 10.12.2
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.12.2 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Disallow permissions to be upgraded via federated sharing
Do not allow setting higher permissions on a federated share for a resource which was shared with limited permissions. #40803
Filter sensitive data in log for Session::loginInOwnCloud
The loginInOwnCloud
method contains sensitive data in the argument list and needed therefore to be added to the list of methods where sensitive parameters are being obfuscated. #40792
Changes in 10.12.1
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.12.1 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Fix Permission Bits when Enforcing Passwords on Public Links
Passwords on public link files with read + write permission were not correctly enforced. The usage of the permissions bits has been now fixed so that, when selecting "Enforce password protection for read + write + delete links", passwords are correctly enforced. #40701
Prevent 507 Insufficient Storage on 32-Bit Systems
With the introduction of https://github.com/owncloud/core/pull/40567 compatibility with 32-bit systems broke as we are now casting $freeSpace to int and this caused an integer overflow on such systems when the free space was above the max supported value. We added an additional check for 32-bit systems in QuotaPlugin.php. #40709
Fix quota for 32-Bit Systems
Quota calculation on 32 bit systems suffered from an inconsistent use of float and integer data types. The fix now correctly supports that the size could be either an integer or a float. #40729
Package firebase/php-jwt in files_texteditor
Since version 2.5.0 of the files_texteditor app we use Firebase\JWT\JWT, but this dependency was not directly shipped with files_texteditor. This was not an issue if the files_external or WOPI app(s) were enabled as they include the same dependency. However, if both apps were disabled the functionality of the files_texteditor app broke. We now ship this dependency in files_texteditor as well. files_texteditor#389
Solved Known Issues
Add RewriteBase to .htaccess
Referencing Known Issues of 10.12.0.
In previous core versions, the setting of the htaccess.RewriteBase
config.php option was not added to the generated .htaccess file. The use of a more hardened .htaccess file in version 10.12.0, introduced by #40584, caused the files view in the web UI to be empty in setups described in the referenced known issue. Additionally, the desktop app was not able to sync and an error 405 (Method not allowed) was returned. The htaccess.RewriteBase
is now correctly added to the .htaccess file, see the fix at #40697.
Respect User Home Folder Naming Rule for Chunks Uploads
When using the User Home Folder Naming Rule (configurable in the Advanced tab of the LDAP wizard), which allows to specify the home folder by means of an LDAP attribute, chunks of users' uploads were wrongly created under the default data directory rather than inside the configured home directory. We are now using the getHome() method for getting the user’s home so that chunks uploads respect the configured home directory. https://github.com/owncloud/core/pull/40693 [#40693] #40719
Updated App Versions
Find below a list of updated apps in comparison with the 10.12.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Text Editor 2.5.1
-
Metrics 1.2.0
Known Issues
Google Drive external storage integration
Core 10.12.1 brought an update of the google/apiclient from version 2.12.6 to 2.13.1. However, in version 2.13.0 the accounts.google.com authorization URI has been updated. This change breaks old code that uses the setApprovalPrompt('force')
instead of the newer setPrompt('consent')
method, as this endpoint does not support the legacy approval prompt parameter. As a result, Google Drive external storage integration is currently broken. This will be fixed in core version 10.13.0, please refer to https://github.com/owncloud/core/pull/40783 for more details.
Changes in 10.12.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.12 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
When upgrading from ownCloud Server 10.11.0, the following migrations will run as part of the upgrade procedure:
-
A migration step takes care of setting the length of the "oc_calendars.components" column to 255 (see below). This step is expected to be quick and should not impact upgrade duration significantly. #40563
-
An index is going to be added on the oc_filecache table which should speed up bulk file operations. Consider that this migration step may take several hours in case of installations where the oc_filecache table contains a significantly large number of entries. #40633
Drop PHP 7.3 Support Across the Platform
Support for security fixes for PHP 7.3 ended in December 2021. ownCloud Server no longer supports PHP 7.3 therefore ensure that you are using PHP 7.4. #40394
Before upgrading to ownCloud Server 10.12, you MUST upgrade to PHP 7.4. ownCloud Server 10.12 will not start when using PHP 7.3. |
Persistent Major File Versions Workflow
To save space, old versions of files are usually deleted over time according to ownCloud’s retention policy. Users are now able to mark the current version as "published". This increases the major version tag and prevents deletion. Also, restore operation logic changed. Now restore creates a new current version of the file from one of the past noncurrent versions of the file. The current version also receives incremented mtime for the file, and author of the file is the user who restored it. The old noncurrent version is no longer removed upon restore and the current version no longer receives mtime of that version. The current version of the file is now shown in the Versions Tab, highlighted with "gray" background. Versions now persist additional extended metadata on versioning tags, that allow easier identification of the versions. Each update increases the minor version for the file. Each new edit of the file creates noncurrent versions - the ones tagged with major version due to publishing will persist long term and won’t be subject to any retention policies. Migrate from deprecated save_version_author to save_version_metadata. #40531
Support for Login Policies
Support for login policies has been added in order to block the login of users under some circumstances. By default, there isn’t any restriction, so any user can login normally (assuming the password is correct). A group login policy has been added. This policy allows or denies users to log in based on the login type being used (username + password, openID Connect, etc.) and whether they belong to specific groups. This can be used to ensure a group of users is always authenticated using a determined authentication mechanism. #40574
Properly Remove File Versions from the Trashbin
Previously, restoring or removing a file from a deleted folder (the folder and the contents were in the trashbin) didn’t remove the versions of the file. Those versions were left in both the database and the file system, taking up space and degrading the performance. This is now being handled properly, so no resources are consumed due to the versions being left stranded. #40291
"available for" Selection in the Mount Point Configuration Now Shows the Display Names
The "available for" selection of the mount configuration of external storages was using the group ID. This wasn’t a problem because for local groups the group ID matches the group display name, and for ldap groups the group ID was the "cn" attribute. Due to recent changes, the ldap group will now use the "objectuid" attribute (or a similar attribute) as group ID by default. This was causing the "available for" selection to show that "objectuid", so identifying the right group was problematic. Now, the "available for" selection will show the group display name, which for ldap is the "cn" attribute by default. Note that this happens on new installations. There is an automatic migration in place, so for upgrades, the "cn" attribute will be set as group name in order to keep the old behavior. #40412
Skip Public Links When Updating Permissions of a Share’s Children
Updates to permissions of a share were wrongly propagated to public links' children. This has now been fixed and public links are being skipped. #40420
Checksums Only Stored if the Whole Stream Has Been Read
Previously, range downloads (or downloads requesting a specific byte range) would store a checksum, if needed, based only on the requested range. This caused problems because the checksum is expected to be for the whole file. Now those range downloads won’t store a checksum because only a part of the file has been read, so the checksum would be incomplete. Some additional cases have been taken into account, mostly based on actions that could happen on the data stream, but they shouldn’t happen normally. #40513
Fixed the dav:cleanup-chunks Command to Work With a Configured Folder
ownCloud’s file system was initialized partially to prevent contacting the LDAP server if it was configured. This was causing problems because the upload folder where the chunks were expected was a mount point, and due to the partial file system initialization such a mount point was missing, so we were checking a different folder (the default one). Now, ownCloud’s file system will be fully initialized instead, so that the mount point will be present and we check the right location. #40571
Copy the Encryption Keys First and Then Rename the Files
With encryption enabled when a file was renamed, first the actual file was renamed, and then the encryption keys were moved to the new location. If something went wrong, it was possible that the keys weren’t moved. This caused the file to become inaccessible because we couldn’t decrypt the file due to the missing keys (which weren’t in the right place). Now, when a file is renamed, the encryption keys will be copied first, and then the file will be renamed. If copying the encryption keys fails, renaming will fail. After the encryption keys are copied, the file could still fail to be renamed. In this case, the copies of the keys will be removed, but the file will still be accessible because we still keep the old keys. The original keys (not the copy) will be removed if the file is successfully renamed. #40433
Delete Action Is Removed from Sharing Sections
In the files apps, the "shared with others" and "shared by link" sections allowed people to use a delete action on a file or folder present in that list. This was causing problems because people accidentally removed the folder when, in fact, they wanted to unshare it. This delete action isn’t present any longer. You can revoke shares by accessing the file or folder’s details. If you want to delete the file or folder, you can do it from the regular "all files" section. #40497
Allow to Temporarily Ignore Invalid Federated Shares
This change is targeted mostly at tightly federated setups. Currently, if a federated share is invalid or the API endpoint returns "not found", an availability check would validate whether this is a problem with a server, and that given share is removed. However, in some cases these checks might not be enough (e.g., complex migrations in tightly federated setups). In that case the invalidation behavior can be disabled by using the app setting: "occ config:app:set files_sharing enable_cleanup_invalid_external_shares --value no". #40503
Fix Orientation of Images with EXIF Data
Some images with large EXIF data had problems with the orientation when they were shown. This was caused by the native function failing to retrieve the EXIF data. Images with small EXIF data didn’t have this problem. By making the chunk size of the stream bigger, the native function is now able to load the EXIF data properly and return the information, and with such information we can fix the orientation of the image. #40600
Remove Empty Directories from the files_versions
Empty directories were left when the contained versions were deleted or moved. Large installations might end up with too many of these empty directories. Now, when a version is deleted, the containing directory will also be deleted if there aren’t any more versions inside. #40499
Use Correct Themed l10n App Folder When the App Lives outside of Server Root
When an app_path is pointing outside of the ownCloud server root or uses a symlink, under certain conditions the l10n folder points to an invalid location and results in a crash of the server. This happened due to the assumption that app paths always start with the server root path. #40607
Fix Share-into-Share Move Scenario
Public links were lost upon moving a share into another share as the share owner was not correctly set. This has now been partially fixed. #40612
Prevent Creation of Empty Files and Folders When No Quota Is Available
Until now it was possible for users with 0 quota or who already reached the limit of their assigned quota to still create empty files/folders, which was confusing. This behavior has been fixed. #40567
Drag & Drop Folders into Public File Upload
Previously only files were accepted via drag & drop. Users can now also drag folders into a public link that has the filedrop flag. When adding a folder, the hierarchy is flattened out and all files are added without any subfolders. Name collisions are avoided as usual. #40643
Add Support for OCM via ScienceMesh
We have added an if-statement in the files_sharing ShareesController code that searches for remote sharees. When the config entry "sharing.remoteShareesSearch" is set to the name of a class that is registered in the server container and that implements "IRemoteShareesSearch" (for instance the "ScienceMeshSearchPlugin" that the "sciencemesh" app registers) it will be used instead of the federatedfilesharing app to find sharee matches for OCM sharing. #40577
Allow Specifying Available Space for Object Storages
Object storages are reporting only unknown storage space. This causes problems for other apps that rely on this storage method, e.g., metrics app that monitors the available space. A new configuration at the storage level has been added which allows apps or further extensions of the storage class for object storage to use it. #40674
Other Notable Changes
-
The suggested host name and port syntax for the database host on the installation has been corrected. #40348
-
Without this change, server-side Apache Auth (e.g., Shibboleth) resulted in a redirect to the default ownCloud page instead of the last visited page. We now correctly handle redirect_url. #40470 #40161
-
We now expect a not found error instead of a permission denied error for some trash interactions. #40406
-
Mime types of hidden files are now properly detected. #40427
-
Unused Google SDK services are removed to reduce package size. #40444
-
Added account creation time in the oc_accounts table so that this info can be displayed over the Users page. Also extended the users provisioning API and the "user:list" occ command to display this info. #40588
-
For easy access of files through WebDAV the URL is now displayed right under the app password section. #40509
-
The username as well as the full name of a user is now shown on his personal general settings page. #40510
-
The RewriteCond rules in the .htaccess file have been changed to match the expected paths. #40584
-
Two-factor authentication can now be enabled using the provisioning API. #40617
-
Detecting unused thumbnails is now using a better optimized SQL statement which consumes less database and web server resources. #40514
-
Backend class aliases have been added to improve usability of the occ user:sync command. #40640
-
In Guzzle major version 7, the body option of a request must be a string or similar. Requests that send arrays of items have been adjusted to use the form_params option. Developers of apps that use lib/private/Http/Client/IClient.php should check any calls to ensure that arrays of items are not passed in the body option. See the diffs of PHP docs in the linked PR for examples. #40652
-
In some cases mail notifications related to sharing activities are blocked by mail filters as they are flagged as email impersonation. In such cases it may be desirable for an ownCloud admin to have a config option for removing the sender display name from the "From" address. This is now possible by setting the config.php parameter "remove_sender_display_name ⇒ true". #40671
Updated App Versions
Find below a list of updated apps in comparison with the 10.11.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Anti-Virus 1.2.1
-
Document Classification 1.3.2
-
Guests 0.12.2
-
OpenID Connect 2.2.0
-
Ransomware Protection 1.6.0
-
LDAP Integration 0.17.0
-
Web 6.0.0
-
Microsoft Office Online 1.6.1
-
Text Editor 2.5.0
Known Issues
ownCloud Inaccessibility
If you have installed ownCloud 10.12.0 in the combination of:
-
index.php-less setup
-
URL via subfolder
the files view in the web UI will be empty. The desktop app will not be able to sync and an error 405 (Method not allowed) will be thrown. The problem is fixed in 10.12.1. Note that owncloud Server 10.11.0 and earlier are not affected.
Changes in 10.11.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.11 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
When upgrading from ownCloud Server 10.10, there will be no migration steps impacting the upgrade duration. Therefore the upgrade is expected to finish quickly.
Edit Permission for Public Links on Single Files
In previous versions of ownCloud Server, public links on single files could only be created with read-only permissions (Download / View
). If users wanted to share a file and enable recipients to change it, they had to put that file into a folder and share that with permissions for editing (Download / View / Edit
). Server 10.11 introduces the Download / View / Edit
role for public link shares on single files to make a user’s life easier. Especially when using ownCloud in combination with web office solutions like ONLYOFFICE, Collabora Online or Microsoft Office Online, users can now quickly and conveniently collaborate on documents with external parties. #40264
Sharing with Multiple Users at once
Server 10.11 introduces the ability to share with multiple users at once by entering their identifiers (e.g., display name, user ID, email address, federated cloud ID) as a comma-separated list in the sharing dialog (e.g., alice,bob@example.org,carol
. Based on the inputs, ownCloud will decide how to create the shares (e.g., share with an internal user, invite a new guest, create a federated share). This way, users can easily invite many recipients at once to their files and folders. With Custom Groups version 0.7.0 onwards the same behavior also applies to adding users to Custom Groups. #40155 customgroups#522 guests#506
Inviting New Guests to Custom Groups
Server 10.11 in combination with Custom Groups 0.7.0 and Guests 0.12.0 allows inviting new guest users directly into a Custom Group. Previously this was only possible by sharing files with new guests first and creating their user account thereby. New guests will not have access to any files nor will they be able to create/upload their own files unless there is a share with the respective Custom Group or with the guest user. #521 guests#506
New Skeleton Files for Users
For new user accounts, the default skeleton files have been changed a bit in version 10.11. The ownCloud user manual PDF has been removed as it becomes outdated quickly and will not be updated for existing users when a server upgrade is done. It is recommended to provide the official user documentation to users instead. New users will further find a folder called "Learn more about ownCloud" that contains information about the product.
Notable Changes
-
The default app on login can now be set per individual user. ownCloud use this to remember which UI (Classic UI or ownCloud Web) the user has used during their last session. This way, users are always redirected to their preferred UI after logging in. #39600
-
ownCloud Web will now respect the user’s language setting. #40087
-
The command
occ background:queue:status
will now output more information about background jobs. #40113 -
Quota handling has been improved (e.g., when copying or uploading files into shared folders). #39895
-
The context menu for multiple file actions in public links (e.g., "Open with PDF Viewer") works again. #40143
-
Storage encryption has received stability improvements. #40240
-
Guest users will no longer see settings sections which they are not allowed to use. #40257
-
The process for the first login of a new user is now more stable. #40091
-
App passwords now continue to work even when an LDAP connection is temporarily not available. #40152
-
App passwords now work with case-insensitive user names. #40281
-
The SAML/SSO login flow is now more stable, making features like the Microsoft Office Online / WOPI integration work better in combination with SAML. #40161
-
The comments feature now works better on small screens. #40142
-
A new setting
proxy_ignore
has been introduced to exclude requests to certain domains from using the configuredproxy
. #40148
Updated App Versions
Find below a list of updated apps in comparison with the 10.10.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Activity 2.7.1
-
Custom Groups 0.7.1
-
Guests 0.12.0
-
Anti-Virus 1.1.0
-
Graph API 0.3.0
-
Market 0.7.0
-
Web 5.7.0
Known Issues
PHP guzzle dependencies
This release uses guzzle 7. The complete bundle contains several app updates that were migrated from guzzle 5 to guzzle 7. When using the minimum bundle, those apps can be downloaded from the marketplace. Please check any non-standard apps for guzzle 7 compatibility. If in doubt, disable these apps before upgrading.
Currently known incompatible apps include: * richdocuments 2.7.0 * onlyoffice 7.5.3
Guests App Whitelist Feature
The Guests App Whitelist feature evaluates the app whitelist stricter starting with release 0.12.0. To overcome any issues related to this strict handling, an upgrade to Guests 0.12.1 is highly recommended as this release has a much wider range of apps whitelisted by default.
Changes in 10.10.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.10 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
When upgrading from ownCloud Server 10.9, the following migrations will run as part of the upgrade procedure:
-
A migration step takes care of converting external storage parameters to the new format (see below). This step is expected to be quick and should not impact upgrade duration significantly. #39935
Session Lifetime and Expiration Improvements
ownCloud Server 10.10 comes with a couple of stability and security improvements around session lifetime and expiration in the Classic web interface #39916:
-
The configured session lifetime (
session_lifetime
inconfig.php
) will now be reset each time a page is loaded or when a "heartbeat" request is sent. -
If the session keepalive config option (
session_keepalive
inconfig.php
) is set totrue
, a periodic "heartbeat" request will be made automatically regardless of any activity going on. This will reset the session lifetime preventing its expiration. -
If the session_keepalive config option (
session_keepalive
inconfig.php
) is set tofalse
, a "heartbeat" request will be sent based on activity in order to extend the session lifetime. If there’s no activity, the session might expire, and the user will need to login again. -
A new config option
session_forced_logout_timeout
has been introduced inconfig.php
. For advanced security, this option can be used to expire user sessions a configurable amount of seconds after they close the ownCloud browser tab or the whole browser, respectively, forcing the user to log in again when they access ownCloud the next time. This option is disabled by default.
Notable Changes
-
The feature Resend invitation mail in user management does not apply to guest users anymore as those have a different invitation flow than regular users (user-based vs. admin-based). #40032
-
Group administrators will now only see the groups they are an administrator of in user management (previously they also saw other groups but were unable to manage them). #39752
-
ownCloud Server 10.9 introduced a new feature to improve initial sync and discovery performance which has been enabled by default. As there have been performance issues in certain environments, 10.10 disables the feature by default. It is recommended to enable the feature based on evaluations with test systems. #40016
-
Storage encryption: Restoring a received shared file now also restores its versions correctly. #39822
-
Storage encryption: Moving a file out of a share now also takes care of versions correctly (previously they were corrupted under certain circumstances). #39829
-
The external storage administration user interface has been improved to avoid unnecessary credential exposure #39841 #39935
-
The mail server configuration user interface has been improved to avoid unnecessary credential exposure #39833
-
The 'External Storage' feature (
files_external
) can now be disabled. #39856 -
General performance and stability improvements have been made. #39847 #40031
-
The File Drop view for Upload-only public links has been visually improved to provide a better user experience. #39900
-
ownCloud Web: Guest users will now be explicitly listed as "Guests" (instead of "User") #40013
-
The config report now provides a dedicated guest user count
Updated App Versions
Find below a list of updated apps in comparison with the 10.9.1 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Activity 2.7.0
-
Market 0.6.3
-
Metrics 1.1.0
-
OpenID Connect 2.1.1
-
Password Policy 2.1.4
-
Ransomware Protection 1.4.0
-
ownCloud Web 5.4.0
-
Microsoft Office Online 1.6.0
-
Workflow 0.5.4
For Developers
-
The Capabilities API now exposes the product name. [#39851]https://github.com/owncloud/core/pull/39851
-
The OCS Share API now also exposes the user type (e.g., guest) [#40013](https://github.com/owncloud/core/pull/40013)
Changes in 10.9.1
ownCloud Server 10.9.1 is a follow-up bugfix release that takes care of 10.9 known issues. You can read the full ownCloud Server changelog for further details on what has changed.
Solved Known Issues
All known issues in Server 10.9.0 have been fixed:
-
Prevent encrypted files from being corrupted when overwriting them #39623
-
Marketplace not working after upgrade from 10.8 to 10.9 #39616
-
Fixes for the newly introduced feature to store the author of versions #39670 #39673
Updated App Versions
Find below a list of updated apps in comparison with the 10.9.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
Changes in 10.9.0
Dear ownCloud administrator, find below the changes and known issues in ownCloud Server 10.9 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
-
To improve the performance of address book search queries (e.g., when looking for federated users to share with), a migration step adds an index in the
cards_properties
table. The impact on upgrade duration depends on the number of known federated users. #39017 -
A migration step takes care of setting the new option
allow_user_to_change_mail_address
according to what has been set inallow_user_to_change_display_name
to make sure that there’s no unintentional behavior change after upgrading. The impact on upgrade duration is insignificant. #39288
PHP 7.2 Support Discontinued
As announced in the previous minor releases of ownCloud Server, from version 10.9 onward ownCloud Server no longer supports PHP 7.2. If you’re running on PHP 7.2 or below, it is necessary to upgrade PHP prior to conducting the upgrade to Server 10.9. See the system requirements for more information.
If you’re using the official Docker containers or the Univention appliance, this has been taken care of already. |
PHP 7.3 Deprecation Note
PHP 7.3 support will be dropped in one of the next server releases. Support is still available with 10.9 but it will be necessary to plan an upgrade soon if PHP < 7.4 is in use.
Support for MariaDB 10.6
Version 10.9 adds support for MariaDB 10.6 (#39286). If you’re planning a database update to a MariaDB version > 10.5, it is very important to prepare the ownCloud installation first. Please read the documentation on this matter carefully before upgrading to MariaDB 10.6.
Highly Improved Initial Sync and Discovery Performance
Server 10.9 comes with the means to drastically reduce the time needed by the ownCloud clients for the initial discovery of the contents in user accounts, especially for those with many files and huge directory structures. Practically, this means when a user account is initially set up, e.g., in the ownCloud Desktop Client or when larger directory structures are added to an existing account (e.g., via sharing or external storage mounts like Windows Network Drives), the client no longer needs to check every individual folder. Instead, the server will compose a full content listing and provide it to the client ("Streaming PROPFIND with depth=infinity", #38583). Additionally, to prevent memory issues on the server side, this content listing will be streamed to the client while it is being created.
This new server-side capability needs changes in the ownCloud clients to work. At the time of the ownCloud Server 10.9 release, client implementations for iOS, Android and Desktop are in the making but not yet available. The implementations will follow soon with the next client releases.
If you use the currently existing versions of the ownCloud clients, you will not yet experience performance gains. |
Manual File Locking: Ability to Define User Groups That Can Unlock Files
Since version 10.5, ownCloud supports Manual File Locking to prevent concurrent changes of files by different users. The feature works in a way that it only allows the user who locked a file to unlock it again (exclusive file locking) and it provides a configurable timeout for file locks.
Version 10.9 introduces a new subfeature that allows administrators to define groups of users that are entitled to unlock locked files, independent of whether they have set the lock initially or not (#38222). Users in such groups can regain control over files, e.g., if a lock owner is unavailable and a long timeout for file locks is used. Administrators can configure this in the Manual File Locking section of the General admin settings. For more information, refer to the ownCloud documentation.
File Versions: Store and Display the Author of File Versions
To improve usability, Server 10.9 provides a new feature for file versioning. When working on documents with multiple people, it can be important to know who created a certain version, e.g., to roll back to a specific state or to understand who made which changes to a file. For this, you can enable storing and displaying the author of file versions. When enabled, users will see the author of file versions in the 'Versions' tab of the right sidebar in the web interface. To avoid time-consuming database migrations, the author metadata will be stored in files on the storage.
The feature is disabled by default as it is not compatible with all use cases. To enable it, administrators can set 'file_storage.save_version_author' ⇒ true
in config.php
.
This feature is incompatible with S3 object storage. Do not enable it if you’re using S3 as primary storage. |
Restrict Public Link Sharing to Certain Groups
In certain scenarios it is not desired that all users of an ownCloud installation can create public links and share data publicly. Therefore, ownCloud Server 10.9 provides a new configuration option for administrators that allows restricting the creation of public links to users in certain groups (#38980).
Existing public links will continue to work after introducing a restriction policy. The policy only applies to the creation of new public links. |
Ability to move a user’s home folder
In some cases it is necessary to manage storage locations of users, e.g., if you want to distribute them across multiple storages. To facilitate this process, Server 10.9 introduces a new occ command (occ user:move-home
) that allows moving user home folders to a new location (#39136). The command takes care of moving the physical data and of updating all other related information. In addition, new commands like the occ user:home:list-dirs
which lists the available storage locations of users and occ user:home:list-users
which lists users belonging to a storage location have been added.
For more information, refer to the ownCloud documentation about occ and about user management.
Updated App Versions
Find below a list of updated apps in comparison with the 10.8 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Media Viewer 1.0.5
-
PDF Viewer 1.0.1
-
Text Editor 2.4.1
-
Guests 0.9.3
-
OAuth2 0.5.2
-
OpenID Connect 2.1.0
-
Web 4.6.0
-
Windows Network Drive 2.1.0
-
Microsoft Office Online 1.5.1
-
LDAP Integration 0.16.0
Other Notable Changes
-
The handling of inaccessible federated shares has been improved to avoid removing temporarily unavailable shares. #38474
-
Group admins can now add users who are in at least one of their administered groups to their other groups via the HTTP Provisioning API (previously this was only possible via the web-based user management). #39013
-
Issues with updating apps via the Market app occurring under certain circumstances have been resolved. #39108
-
The logo on the login screen will be displayed correctly again, independent of its size. #39129
-
Image orientation information from EXIF data will now be processed correctly so that images will be displayed with the correct orientation, e.g., in the Media Viewer. #39140
-
The
occ user:report
command has been fixed so that only real user folders will be counted (instead of counting system folders like, e.g., avatars). Additionally, folders outside of the data directory will also be taken into account (e.g., symlinks). #39223 #39254 -
The "Home" icon in the breadcrumb of the Files app has been replaced with the icon and text of the respective view (e.g., All Files, Deleted Files) so that its functionality is clearer to the user. #39367
-
The
occ user:list
command now supports the optionshow-all-attributes
to provide a user list including all available information at once. #39366 -
The "Open with" menu which is shown when a user can choose between multiple applications/actions for a certain file type (e.g., ONLYOFFICE, Collabora Online, PDF Viewer) has been improved to only show relevant actions. If there’s only one relevant action available, clicking on the file name will directly conduct this action. #39358
-
Support for Collabora Online Draw has been added. #39594
-
Thumbnails for WEBP files can now be generated. #39358
-
The quality of preview images (e.g., in the Media Viewer) can now be configured. in config.php. #39349
-
Starting and trailing spaces in file names will now be trimmed when uploading, creating and renaming files in order to maintain cross-platform compatibility (e.g., Windows does not support such file names). #39310
-
Empty folders can now be uploaded via the web interface. #39285
-
The file list has received improvements for mobile devices. #39233 #39221
-
The Shared by link view has been improved for mobile devices. #39232
-
The Deleted files view has been improved for mobile devices. #39236
-
The file creation menu ("+" menu) now provides buttons to confirm and cancel file creation. #39056
-
The group listing of the user management in the web interface has been improved with regard to usability. #39262
-
It is now possible to disable the upload time estimation in the web interface using
occ config:app:set files hide_upload_estimation --value="yes"
. #39228 -
When 'upgrade.disable-web' is set to
true
in config.php, the web updater section in admin settings will now be completely hidden. #39183 -
Deleting a tag now requires confirmation to prevent mistakes. #39157
-
The
occ transfer:ownership
command now has a new option--destination-use-user-folder
to transfer entire user accounts. See the documentation for more information. #39118 -
The performance of address book search queries has been improved. #39017
-
File actions in the web interface will now only be triggered when clicking on the file name. A bug has been fixed that caused clicking on the file row to have the same behavior. #39361
-
The setting
allow_user_to_change_mail_address
has been introduced and decoupled from the settingallow_user_to_change_display_name
. -
The expiration date in the Shared by link view will now be correctly displayed. #39238
For developers
-
It is now possible to register multiple default actions for a certain mimetype. If there is only a single action available, this action will be conducted when the user clicks on the file name. If there are multiple actions available for a certain mimetype, the user will see an "Open with" menu when clicking on the file name. More information can be found in the developer documentation. #39541
Solved Known Issues
All known issues in Server 10.8 have been fixed.
-
Bugfix: Avoid potential open_basedir errors after upgrade to PHP 7.4.21 #39034
Known Issues
-
When updating an existing instance to ownCloud 10.9, you may experience that the marketplace is not accessible via ownCloud and content is not shown. If you have this issue, see the following link for details and a procedure how to solve this.
-
If you use encryption, we recommend not to update to ownCloud 10.9.0 but wait until 10.9.1 will be released in early January 2022. The following issue can occur: If you have an encrypted file which is shared, the file gets corrupted if the share recipient overwrites that file. This means that the latest changes will be lost. If Files Versions has been enabled, you can restore the previous version. The issue has been resolved already and will be available with the next patch release. See the following link for more technical details.
Changes in 10.8.0
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.8 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
ownCloud Web supplements the Classic Web Interface - Try it!
The all-new web interface for ownCloud, ownCloud Web, has come a long way since its initial release at the end of 2020. It is available as an app on the ownCloud Marketplace and ownCloud Server has been prepared to work with it since version 10.6. ownCloud Web can be deployed as a supplement to the classic web interface and meanwhile it is in use at quite a number of installations. This has brought up good feedback around the integration with ownCloud 10 that has been addressed for 10.8. Additionally, lots of improvements have made their way into ownCloud Web. For an overview you can have a look at the ownCloud Infinite Scale release notes and for a full list of changes, please see the ownCloud Web changelog.
The most prominent recent improvements are
-
Accessibility: Compliance with WCAG 2.1 / BITV 2.0 (currently in the certification process)
-
Theming: Ability to change name, logos, colors and more via config file (see the documentation for more information)
-
Performance improvements in many areas
With all these improvements we want to motivate ownCloud service providers to make ownCloud Web available to users, to experience the new technology as well as to provide feedback to further improve it. The ownCloud Web integration app comes as part of the 10.8 complete bundle. Furthermore, ownCloud Web has a release cycle of 3 weeks that is independent of ownCloud Server. This allows new versions with features, fixes and improvements to be made available regularly via the ownCloud Marketplace and to deploy them with minimal effort.
ownCloud Web is currently in the status of a Technology Preview. This means that bugs and other undesired behavior are expected. After careful testing, ownCloud Web can be used on production systems. Features are still being added to ownCloud Web and users will need to use the Classic web interface to do certain actions. Please evaluate according to your use case how well the new web interface suits your needs and let us know any feedback that you encounter. |
Fixed Known Issues
Both known issues from ownCloud Server 10.7 have been fixed. The deployment of ownCloud Web is now more robust and administrators can optionally decide whether ownCloud Links (public and private links) should be provided by the Classic web interface or by ownCloud Web using a new option in config.php.
Feedback
As mentioned, features are still being added to ownCloud Web and the new web interface can’t yet cover every use case of the Classic interface. To further shape the new product and to determine the development priorities it is of utmost importance to consider user feedback. We’re very grateful for any hints or feedback that you supply via the following channels
-
ownCloud Web survey: https://owncloud.com/web-design-feedback
-
GitHub: owncloud/web
-
Chat: talk.owncloud.com / #web
-
Mail: product at owncloud dot com
Since the ownCloud Web 3.4.0 release, the survey above is made available in ownCloud Web to allow users to directly report about their experience. If undesired, the feature can be turned off in the ownCloud Web configuration.
Improved Usability for "Add to ownCloud" on Public Links
The usability of the "Add to ownCloud" feature on public link pages has been improved (#38712). Research on the feature has shown that most users use the feature to add links to the same ownCloud installation they originate from instead of creating federated shares with other ownCloud installations. For this reason there is a new default behavior which allows adding a link to a user account on the ownCloud installation the public link originates from with just a click and without requiring any further input. Advanced users can use a dropdown menu to add a link to a user account on another ownCloud installation.
New icons have been introduced for this feature. If you’re using a custom theme, it is recommended to check whether the icons have a good contrast. |
Modernized Login Page
The login page has received several improvements regarding design and usability (#38506). A login button and labels for the input fields have been added and the "Alternative login" buttons (e.g., for authentication with OpenID Connect) have been redesigned to give a more modern look and feel. In this context, also the ownCloud Enterprise Theme has received improvements that are shipped with Server 10.8.
If you’re using a custom theme, it is recommended to check the login page and make sure that all elements appear as desired. |
Improvements for External Storages
-
Performance and caching improvements for external storages (e.g., Windows Network Drives) have been added #38804
-
Renaming or deleting a Windows Network Drive mount point from the files list is now properly prevented #38709 #38819
-
Passwords in the external storage configuration can now be stored encrypted in the database (e.g., for Windows Network Drive mount points). With the next release of the Windows Network Drive app, these can also be used to set up the WND Listener. #38728
-
The external storage settings UI has been improved to prevent accidentally exposing mount points to all users #38795
Re-sending User Invitation Emails
Invitation links for new users in the local ownCloud user management expire after 12 hours for security reasons. For such cases, administrators can now conveniently re-send invitation emails to new users using the mail icon in the user management. #38774
System Events in the Activity Stream
Events in the activity stream that have been issued by the system (e.g., expired shares or workflow automations like file retention or auto-tagging) are now indicated properly. Before, these events appeared as if the user would have done them manually. To be effective, this requires the latest versions of the Workflow and Activity app versions which are shipped with ownCloud Server 10.8. #38605 #38631
Migrations
Upgrading from ownCloud Server 10.7 to 10.8 does not involve database migrations. The upgrade duration is, therefore, expected to be short.
Updated App Versions
Since ownCloud Server 10.5, all supported apps are being shipped as part of the complete bundle for ownCloud Server. Find below a list of updated apps in comparison with the 10.7 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.
-
Web 3.4.1 (new addition to the bundle)
-
Anti-Virus 1.0.0 (with ICAP support)
-
LDAP 0.15.4
-
Activity 2.6.1
-
Workflow 0.5.2
-
Announcement Center 1.5.2
-
Custom Groups 0.6.2
-
File Firewall 2.10.3
-
Market 0.6.1
-
Auditing 2.1.3
-
Document Classification 1.3.1
-
PDF Viewer 0.12.1
-
Text Editor 2.3.1
-
Guests 0.9.1
-
Microsoft Office Online 1.5.0
PHP Minimum Version 7.2.5
The minimum supported PHP version has been increased from 7.2 to 7.2.5. If you are still running PHP 7.2, ensure that you are running a recent patch release before upgrading to 10.8.
PHP 7.2 Deprecation Note
As announced with the release notes of version 10.6, PHP 7.2 support will be dropped in one of the next minor releases. Support is still available with 10.8 but it will be necessary to plan an upgrade soon if PHP < 7.4 is in use.
Other Notable Changes
-
The auto-removal of inaccessible federated shares has been made more robust #38474
-
Interoperability in federation with other OCM providers has been improved #38738 #38751
-
Thumbnail previews for file versions work again #38778
-
Received shared files/folders can be renamed again without permission checks (only affecting the mount point for the user themselves) #38794
-
An issue that caused the sharing autocomplete dropdown menu not appearing in the Safari browser has been fixed #38831
-
MOVE operations from encrypted storage to unencrypted storage have been fixed #38567
-
The performance of MOVE operations has been improved #38649
-
An issue related to CORS that prevented users from accepting shares has been fixed #38639
-
Design improvements for the tabs in the right sidebar have been made #38653
-
Improvements on the files list allow a better readability of file names on small screens #38748
-
The button to share a user’s federation ID to Google+ has been removed from personal settings since it’s obsolete #38705
-
The config report and the
occ user:report
command now provide the number of guest users #38742 #146 -
For more control over Deleted Files, administrators can now decide if a resource should be deleted immediately instead of moving it to the trash bin. The behavior can be configured based on file extensions, directory names and size using the
trashbin_skip
options in config.php. #38704 -
License keys can now be removed with a button in the admin settings #38843
-
Video playback in ownCloud relies on browser capabilities. If a video cannot be played, users will now see a hint with guidance. #38858
For developers
-
App developers can now exclude default file actions like "Rename" when their app adds a new file view to ownCloud. #38643
Solved Known Issues
All known issues from Server 10.7 have been fixed.
Known Issues
-
If
open_basedir
is configured within yourphp.ini
file and you update PHP to 7.4.21 or later then unnecessary entries will be logged to the log file about "open_basedir restriction in effect." See issue #39034. This issue will also happen on all other 10.* releases ifopen_basedir
is used with PHP 7.4.21.
Changes in 10.7.0
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.7 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
Upgrading from ownCloud Server 10.6 to 10.7 does not involve database migrations. The upgrade duration is, therefore, expected to be short.
Usability Improvements for the Classic Web Interface
Tagging
Based on user feedback, the user interface for file/folder tagging has been improved. Research has shown that some users misinterpret the tagging input field in the right sidebar as the location to share files/folders. To prevent this, the functionality to manage tags has been separated from the location where tags are displayed. From version 10.7 onwards, tags will be displayed as a read-only list at the top of the right sidebar. Tag management (assign/unassign, etc.) can now be conducted in a dedicated tab "Tags" below.
Sharing via Email Address
Based on user feedback, some further usability improvements have been made in the user sharing dialog. In most cases users actually want to share with an internal or a guest user. Therefore, when sharing data by entering an email address, the suggestion to create a federated share will now only be shown when the internal user lookup has finished and did not return any results. As federated user IDs have the same syntax like email addresses (e.g., userid@cloud.tld) this measure has been taken to guide users better by only suggesting federated users when no other known users have been found.
Improvements for Opening Files with Multiple Applications
Server 10.7 brings improvements for users when there are files that have multiple editor or viewer applications associated. For example, this could be a PDF file that can be opened with the integrated PDF viewer or with a third party application like Collabora Online or OnlyOffice. Previously the classic ownCloud Web interface would just make the decision for the user on click or require the user to use the respective entry in the file’s dropdown menu. Starting with version 10.7, the user will be prompted on click to decide which application they want to use. If there is only a single application available that is capable of opening the file, the behavior stays as before.
Improvements for Storage Encryption
Version 10.7 brings improvements for storage encryption in order to reduce storage usage. By changing from base64
to binary
encoding for encrypted files, a reduction of about 35% in storage usage can be achieved.
For existing installations that use storage encryption, this process is seamless. Files that have been stored before upgrading to 10.7 will stay with the previous encoding until they are rewritten which will store them with the new encoding.
Deprecation Note for User-key Storage Encryption
Storage encryption in ownCloud offers two options, master-key and user-key encryption. While master-key encryption is based on a general encryption key that is used to decrypt all user data, user-key encryption relies in essence on user passwords to decrypt individual user data. Both follow the goal to prevent malicious administrators from being able to read user data. Due to the nature of user-key storage encryption, this encryption mode comes with a list of limitations and can cause challenges for administrators, e.g., when users forget their password. For these reasons, user-key storage encryption is now marked as deprecated and will not be maintained anymore for future versions of ownCloud Server. Server 10.7 still supports user-key encryption but the feature will be removed in later versions. If you are operating an ownCloud installation with user-key storage encryption enabled, please get in contact with support@owncloud.com to plan a migration to master-key storage encryption.
Master-key storage encryption is still supported and has received improvements with Server 10.7 (see above). This encryption mode can be used with dedicated HSM products for additional security. |
PHP 7.2 Deprecation Note
As announced with the release notes of version 10.6, PHP 7.2 support will be dropped in one of the next minor releases. Support is still available with 10.7 but it will be necessary to plan an upgrade soon if PHP < 7.3 is in use.
Other Notable Changes
-
Redis can now be connected with TLS support for improved security. See the documentation for more information. #38386
-
For strong security, ownCloud Server uses strict same-site cookie handling. In certain scenarios (e.g., integrations) this behavior is not desired. To be able to flexibly adapt the intended behavior, the same-site cookie handling can now be configured. #38458
-
Loading the "Shared with you" list when shares originate from files on unavailable storages (e.g., Windows Network Drives) has been fixed. #38190
-
Performance improvements for the "Shared with you" view list have been made. #38385
-
Existing guest users are now correctly labeled as 'Guest' in the sharing sidebar tab (before they were labeled as regular 'User'). #38440
-
Issues with multiple files with the same name e.g., in the "Shared by link" view, have been fixed #38415
-
Error messages when uploading files are more specific again (e.g., when a virus has been found or when an upload was blocked due to a File Firewall rule) #38416
-
The occ command
maintenance:mimetype:update-db --repair-filecache
has been fixed. It can be used to bring changed mimetype associations for files into operation. #38425 -
Subfolders from Google Drive can now be mounted. #38161
-
The right scrollbar in the web interface is more visible now. #38183
-
The user experience when adding external storages has been improved by clearly indicating success or errors. #38288
-
There are user groups which cannot be edited manually in user management (e.g., the
guests_app
group). These groups will not allow adding users anymore to prevent confusion. #38298 -
Some unnecessary errors in the logs have been removed for cleanliness. #38390
Solved Known Issues
Both known issues from Server 10.6 have been fixed.
Known Issues
-
When having storage encryption (master key encryption) enabled, there is an issue that prevents Collabora Online (
richdocuments
) from working. If you are using this feature combination, please skip the 10.7 upgrade and wait for the next release. In case you have already upgraded to Server 10.7, please get in touch with ownCloud Support to fix the issue. #392 -
When having ownCloud Web enabled, all public links will open in ownCloud Web instead of the classic UI. This behavior will be made configurable in a follow-up release of ownCloud Server.
-
When setting up ownCloud Web, it is necessary to be careful with the
web.baseUrl
parameter as trailing slashes currently do not work as expected. For example,https://cloud.example.com/apps/web/
should not be used whilehttps://cloud.example.com/apps/web
will work properly.
This section will be updated when more issues are discovered.
Changes in 10.6.0
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.6 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
-
To allow sharing files with very long names (> 64 characters) via federation, a migration step will run. The impact on upgrade duration depends on the number of federated shares. #37835
PHP 7.2 Deprecation Note
PHP 7.2 recently reached its end of life and is not maintained anymore. ownCloud Server will, therefore, drop support in one of the next minor versions as well. If you’re running on PHP lower than 7.3, please make sure to schedule an upgrade to PHP 7.4 as soon as possible. See the system requirements for more information.
ownCloud Web - The New Web Frontend for ownCloud
ownCloud Server 10.6 comes with the prerequisites to run the new ownCloud Web frontend as an optional component on top of it.
-
The new server version comes with a switcher to the new frontend ("New Design"). It will be available to users in the apps menu if the address of ownCloud Web is specified in config.php. Likewise, the new frontend comes with a switcher back to the classic frontend ("Classic Design") to allow users to navigate back and forth.
-
Pre-signed URLs allow proper downloading and streaming of files in ownCloud Web.
-
A capability for the Favorites feature makes it available in ownCloud Web.
There are different ways to deploy ownCloud Web with ownCloud Server. We strive to make it as easy as possible to make the new frontend available to users. For this, there is the new app for Web on the ownCloud Marketplace. It can be installed on ownCloud 10 servers with the regular tools. The app will make the new frontend available as described above when deployed and configured correctly.
Deploying ownCloud Web via the Marketplace app is the currently recommended approach. |
Requirements for deploying ownCloud Web as an app for ownCloud Server 10
-
ownCloud Server 10.6
-
OAuth2 or OpenID Connect is used for client authorization.
-
ownCloud Web is installed and enabled.
-
ownCloud Server and ownCloud Web are configured as outlined in the documentation.
Other Notable Changes
-
Federated shares can now also have an expiration date (including default and enforcement options) #37548
-
SGI images can now be displayed and have thumbnails #37758
-
When sharing public links via mail, the subject will now be translated #37321
-
Stability improvements for file checksums with versioning #37934
-
Manual file locking on the web UI can now be enabled/disabled in the admin settings section "Additional" #37720
-
Fixes and library updates for the Google Drive external storage integration #25826 #37739 #37912
-
When disabling storage encryption, the configuration is now properly cleaned up #35980
-
Many issues around unavailable federated shares have been fixed (e.g., not being able to remove them) #38042 #37956
-
Performance improvements for the "Shared by link" view #38000 #38053
-
Files with names up to 255 characters can now be shared via federation (was limited to 64 before) #36730
-
A user’s language preference will not be overridden by locales sent by browsers anymore #38073
-
Fixed display of public links and user/group shares in case avatars are disabled #37945 #37964
-
Fixed some translations not working with themes #38072
-
Improved output on errors for LDAP user sync #37951
-
A new occ command
files:troubleshoot-transfer-ownership
has been added to help finding issues withfiles:transfer-ownership
#37950 -
Added values to the invalid uid list to prevent creating users with reserved UIDs #37766
-
The log level of "file locked" exceptions has been reduced to "debug" #37907
Bundle and Delivery
Since ownCloud Server 10.5 all supported apps are shipped in the ownCloud Server Complete bundles. The following changes have been made to the bundle for Server 10.6:
-
Added OpenID Connect
-
Added Graph API
-
Removed Two-factor Authentication
Known issues
-
There is an issue around when using ownCloud Web with ownCloud Server 10.6. By default when ownCloud Web is enabled, all public links will open in the new ownCloud Web view. Downloading files from ownCloud Web in public links currently lacks some capabilities which make it appear strangely to a user. There is no status indication and progress information until the download has finished in the background. Server 10.7 will fix this issue. #38376
-
There is an issue with themes which causes some themed icons and logos not to be replaced (the original icon/image will be displayed). The issue will be fixed in the next release. #38246
This section will be updated when other issues are discovered.
Changes in 10.5.0
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.5 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
-
To improve the performance of addressbook search queries (e.g., when looking for federated users to share with), a migration step adds indices for the columns
addressbookid
,name
andvalue
on theoc_cards_properties
table. The impact on upgrade duration can be high depending on the number of rows of the mentioned columns. -
To prepare for the new background job for change detection in federated shares (see below), a migration step adds a new column (
lastscan
) to theoc_share_external
table. The impact on upgrade duration depends on the number of rows inoc_share_external
. -
To enable storing complex WebDAV properties, a migration step adds a new column (
propertytype
) to theoc_properties
andoc_dav_properties
tables. The impact on upgrade duration depends on the number of rows inoc_properties
andoc_dav_properties
. -
To facilitate the transition to the new licensing mechanism (see below) a migration step will disable the
enterprise_key
app during the upgrade. This step does not have an impact on upgrade duration.
PHP 7.1 Support Discontinued
As announced, in the previous minor release of ownCloud Server, from version 10.5 onward, ownCloud Server no longer supports PHP 7.1. If you’re running on PHP 7.1 or below, it is necessary to upgrade PHP prior to conducting the upgrade to Server 10.5. See the system requirements for more information.
If you’re using the official Docker containers or the Univention appliance, this has been taken care of already. |
Official PHP 7.4 Support
ownCloud Server 10.5 officially supports PHP 7.4. The Server Core and all apps maintained by ownCloud have received a full QA cycle and are proven to work reliably with PHP 7.4. If you are still running a PHP version < 7.2, you must upgrade PHP before upgrading ownCloud Server as lower versions are not supported anymore.
Summarizing, ownCloud Server 10.5 supports the PHP versions 7.2, 7.3 and 7.4.
See the system requirements in the ownCloud Documentation for the recommended PHP version and for more information. |
Upgrade PHP to 7.2 or 7.3 then upgrade ownCloud Server to 10.5, then upgrade PHP to 7.4 |
The official ownCloud Docker containers have been updated to Ubuntu 20.04 and are using PHP 7.4. |
File Locking in the Web Interface
ownCloud Server 10.5 comes with great enhancements for content collaboration. Manual file locking allows users to lock files in shared areas while working on them in order to prevent concurrent changes from other users (check-in/check-out).
The feature builds on the WebDAV Locks backend which has been introduced with Server 10.1 and is now available in the ownCloud Web Interface. Using the context menu of files, every user who has access can lock them. Users can recognize locked files by the means of a new lock indicator. While a file is locked, other users can still access it but they cannot make any changes. Locked files can manually be unlocked by the lock owner (the user who locked the file; exclusive locking) using the "Locks" tab in the file details view (right sidebar).
When using the ownCloud clients, file locks will also be respected, meaning local changes can’t be checked-in to locked files and users will see an error message. If there are conflicting local changes and the respective file becomes unlocked, there will be a conflict file that allows to resolve the concurrent changes. |
To prevent files being locked infinitely, there is a mechanism that automatically expires locks after a certain time. The expiration time of locks can be configured via the "Manual File Locking" section in the
settings or using occ commands:-
Default timeout for the locks if not specified (in seconds): Maximum lifetime of a lock set via the web interface (or by not specifying a timeout value when calling the WebDAV Locks API)
occ config:app:set core lock_timeout_default --value 1800
-
Maximum timeout for the locks (in seconds): Maximum lifetime of locks which is allowed to be set by calling the WebDAV Locks API
occ config:app:set core lock_timeout_max --value 86400
By default locks set in the web interface will expire after 30 minutes. The expiration time is bound to the individual locks and can’t be changed after locking. The maximum lock time by default is one day.
Please change the lock expiration settings according to your needs. Usually you will only need to change the default timeout as that applies to locks set in the web interface. |
The user-facing components in the web interface are disabled by default. Administrators can enable the feature by executing the following occ command:occ config:app:set files enable_lock_file_action --value yes
|
Changes to the ownCloud Marketplace
The ownCloud Marketplace is opening up. With the release of Server 10.5, all apps available on the Marketplace (including ownCloud Enterprise apps) are now also available for download and installation via the Market app. This change facilitates the process of getting started with ownCloud Server and of evaluating Enterprise functionality. Additionally, it allows updates for all apps to be obtained from the ownCloud Marketplace and ensures running up-to-date versions.
Changes in Delivery
In line with the changes to the Marketplace the deliverables for ownCloud Server have been unified. Previously there were different Tarball bundles, Docker images and Linux packages for the Community (bare minimum) and Enterprise (all supported apps) Editions.
Starting with Server 10.5 there are the following bundles which are shipped via tarball, Docker images and Linux packages:
- minimal bundle for the Server and required components, semantically versioned (ownCloud-10.5.0
)
- complete bundle for the Server and all supported apps, including the Enterprise features, not semantically versioned as it always contains the latest versions of all supported apps (ownCloud-complete-<date>
)
The availability of Enterprise features now only depends on the license key.
As part of this process, the former enterprise_key
app has been deprecated and is not used anymore. New versions for all Enterprise apps have been released and included in the Server 10.5 complete bundle. These are needed to work with PHP 7.4 and the new licensing mechanism (see below).
When upgrading to Server 10.5 it is mandatory to upgrade all apps to the latest versions as well to ensure compatibility with the supported PHP versions and the new licensing mechanism. Using the Server 10.5 complete bundle for upgrading you will get the latest versions of all apps. |
It is mandatory to disable the deprecated enterprise_key app when upgrading. A migration step will do this automatically during the upgrade procedure. Additionally, to prevent some corner cases when accidentally using old versions of the enterprise_key app with the new server version, the deliverables contain a non-functional enterprise_key app (new version without any business logic) to avoid such scenarios. This app will be removed completely in a future release.
|
Practically, for existing installations the change does not make a big difference. Community installations will get all supported Community and Enterprise apps in addition but they are disabled. For Enterprise installations the bundles stay equal. After upgrading it is recommended to check whether the desired apps are enabled/disabled. |
New Enterprise Trial Mechanism
To facilitate the evaluation of ownCloud Enterprise functionality, Server 10.5 comes with a new trial mechanism. Previously, the process to upgrade from a Community installation to an Enterprise trial was not that easy.
With Server 10.5 this process has been changed and made easier: Along with the changes to the Marketplace and in delivery, Enterprise functionality is available in every installation after upgrading or installing, respectively. The apps can be enabled like other apps which will start a grace period if no valid license key is present. During this time the functionality can be fully used and the admin has some time to start a trial. To start 30 days of Enterprise trial, a demo license key can be obtained from a new landing page. As usual, if you do not have a valid license key after the grace period or the 30-day trial, all Enterprise apps will become disabled again. The administrator will be informed and guided to obtain the demo license and can enter it in the web interface. If desired, the location of the landing page can be customized using the config.php option 'grace_period.demo_key.link' ⇒ 'https://owncloud.com/try-enterprise/'
.
New Admin UI to Supply License Keys
As mentioned above, Server 10.5 adds new UI elements to set license keys in the
settings. Keys added this way will be stored in the database, not in config.php as before. Still, there is legacy support taking into account when keys have been stored in config.php or license.config.php.New Background Job for Change Detection in Federated Shares
With ownCloud Server 10.2.0 a background job for change detection of nested federated shares was added (occ incoming-shares:poll
) to allow ownCloud Server to discover changes in federated shares in order to make them available for synchronization with the ownCloud Clients. Based on feedback a new, improved background job with more configuration options was added to Server 10.5. It replaces the former occ command which is now deprecated and should not be used anymore after upgrading to 10.5.
In addition to discovering changes ("check"), the new background job also synchronizes meta-data changes between involved servers ("scan") making them available without requiring users to actively browse them.
The new background job provides some configuration options to optimize its performance, especially for larger environments: - Minimum number of hours since the last login of a user that a scan is triggered (limits the execution of discovery & metadata sync to active users which have logged in during the configured time frame) (default: 24h)
occ config:app:set files_sharing cronjob_scan_external_min_login --value <integer-seconds>
-
Minimum number of hours since the last scan of a federated share for the next scan to be triggered (avoids frequently scanning the same federated share when it is in active use) (default: 3h)
occ config:app:set files_sharing cronjob_scan_external_min_scan --value <integer-seconds>
-
Maximum number of federated shares scanned per execution (scan is only performed if changes in federated shares are discovered) (default: 100)
occ config:app:set files_sharing cronjob_scan_external_batch --value <integer-number>
The new background job is disabled by default and can be enabled/disabled in the
occ config:app:set files_sharing cronjob_scan_external_enabled --value yes
.
If enabled, it will be executed as part of the regular ownCloud background job queue and therefore does not need to be added to crontab.
If your instance provides federated sharing, activate the new background job as explained above.
TIP: Remove the occ incoming-shares:poll command from crontab if you have set it.
|
Other Notable Changes
-
The Add to your ownCloud feature on public link pages is now hidden if an instance has outgoing federated shares disabled (specifically, if Allow users on this server to send shares to other servers is disabled in #37232
settings) -
Improvements for Oracle DB support #37314
-
Folder download (as ZIP/TAR archive) now preserves the modification times of the contained files #37222
-
Users with certain special names (UIDs) reserved by the system can’t be created anymore #37268
-
Performance improvements for SMB external storages #37451
-
Strict LDAP login only using LDAP user name and password (instead of e.g., email and password) can now be enforced using
occ config:system:set --type boolean --value true strict_login_enforced
#37569 -
Server 10.5 comes with a new background image on the login page and colors have been adapted to ownCloud CI #37650
Solved Known Issues
-
The known issue around sharing with numeric UIDs in 10.4.0 and 10.4.1 has been fixed. #37336
Known Issues
Currently there are no known issues with ownCloud Server 10.5.0. This section will be updated when issues are discovered.
Changes in 10.4.1
ownCloud Server 10.4.1 is a bug fix and maintenance release. You can read the full ownCloud Server changelog for further details on what has changed.
Notable changes
-
The 10.4.0 known issue between Password Policy and user/group share expiration is fixed. Server 10.4.1 and Password Policy 2.1.2 are required to resolve it. #37135
-
Reshared public links are now shown to the share owner. #36865
-
Externally encrypted files can now be downloaded. #36921
-
Improvements have been added to make long-running downloads more stable. #36978
-
Pending federated shares are now also shown in the "Shared with you" tab and can be accepted/declined there. #37022
-
The
files:transfer-ownership
occ command can now also be executed for users who have never logged in. #37038 -
File download for files without a file extension from Google Drive external storages now works. #37044
-
The calculation of the remaining upload time in public links has been improved. #37053
-
E-mail notifications (e.g., for sharing) now respect the
default_language
config.php option. #37039 -
A new occ command (
files:check-cache
) is now available. It checks if a target file can be read from the storage and cleans up stored information in ownCloud’s filecache, in case a file disappears from the primary storage. This is mainly important for object stores and should only be utilized in rare cases. #37067
Known issues
Sharing with Numeric UIDs
With Server 10.4.0 and 10.4.1, sharing resources with users that have numeric user ids (e.g., "123") does not work in some cases. #37324
Apart from this patch release, please consider the ownCloud Server 10.4.0 release notes, below.
Changes in 10.4.0
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.4 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
Upgrading from ownCloud Server 10.3.x to 10.4.0 does not involve database migrations. The upgrade duration is, therefore, expected to be short.
PHP 7.0 Support Discontinued
As announced, in the previous release of ownCloud Server, from version 10.4 onward, ownCloud no longer supports PHP 7.0. If you’re running on PHP 7.0, it is necessary to upgrade PHP prior to conducting the upgrade to Server 10.4. We strongly recommend upgrading to PHP 7.2 or 7.3. See the system requirements for more information.
If you’re using the official Docker containers or the Univention appliance, this has been taken care of already. |
PHP 7.1 Deprecation Note
PHP 7.1 recently reached its end of life and is not maintained anymore. ownCloud Server will, therefore, drop support in one of the next minor versions as well. If you’re running on PHP < 7.2, please make sure to schedule an upgrade to PHP 7.2 or 7.3 as soon as possible. See the system requirements for more information.
Expiration Date for User and Group Shares
To give users and administrators more control of access to resources, Server 10.4 introduces an expiration date for user and group shares, just like in public links. With this new feature, users can control the lifetime of shares with other users or groups. Administrators can choose to set a default maximum lifetime and to enforce it. To integrate this change, the UI in the user/group sharing tab of the sidebar has been adapted. When a resource is shared, the user and group entries are expandable and collapsible using the cogwheel next to the trash bin icon to show/hide the permissions and the expiration date field to maintain an overview. Additionally, to allow users to recognize expiring shares at a glance, a new clock indicator will be shown next to the cogwheel.
Administrators can configure the feature in the 'Sharing' section of the admin settings.
Sharing Information in Subfolders
ownCloud Server 10.4 puts the focus on user awareness for shared areas to prevent accidentally sharing data or changing other users' data, as well as to make it easier for users to recognize who has access to shared areas. Practically, users are better able to recognize shared resources using a new share overlay indicator on file and folder icons. The indicators are also applied to resources that are not directly shared but are part of a share (when working in a shared folder).
Apart from that, the sharing sidebar panels have been improved to also show users/groups and public links which have access through shares on parent folders. These will be shown as static entries with a "via" indicator that allows users to jump to the parent folder and to change the share properties, if desired.
This sharing information is only shown to share owners (users that created shares) as other share recipients are not entitled to get detailed information about who else has access.
MariaDB 10.4 and PostgreSQL 10 Support
The discontinuation of PHP 7.0 enables support for MariaDB up to version 10.4 and PostgreSQL 10. Server 10.4 is thoroughly tested against these database versions and proven to work stably.
Other Notable Changes
-
External storages can now be mounted in read-only mode. #36397
-
Filter options (
--enabled
and--disabled
) have been added to theocc app:list
command to only show enabled or disabled apps, respectively. #36520 -
Support for Oracle DB connection strings has been added to be able to use Oracle-specific configuration settings like failover. #36489
-
Two new config.php options (
blacklisted_files_regex
andexcluded_directories_regex
) have been added to allow excluding files and folders from ownCloud using regular expressions (e.g., to prevent creating/renaming/scanning certain file types like ".pst"). See config.sample.php for more information. #36360 -
Previously, when a settings section did not have any panels to display, an "Error" was shown. This has been changed to be more user-friendly. #36776
-
The memory consumption of the
occ files:checksums:verify
command has been optimized, and the command will now show progress information. #36787 -
The memory consumption of the trash bin expiration background job has been optimized. #36565
Solved Known Issues
-
Folder download via the web interface now works in macOS Catalina. #36722
-
User creation now allows "" characters in the user id (e.g., to invite guests with mail addresses containing ""). For the change to take effect, you also need to upgrade the
guests
and/oruser_ldap
apps to the latest version. #36613 -
File locking actions are not available for public link endpoints anymore. #36402
-
occ files:transfer-ownership
now works in S3 multi-bucket setups. #36464 -
The "Notify by email" button in users/groups sharing now also works when the initiator does not have an email address set. #36505
-
Remaining
.part
files from unfinished uploads via public links will now be cleaned up. #36761 -
The quota usage calculation of the trash bin retention has been fixed. Previously, it mistakenly counted the space usage of incoming shares toward the user’s quota usage leading to undesired behavior, e.g., when
trashbin_retention_obligation
was set toauto
, the user had a quota set and incoming shares exceeded 50% of this quota. #36494 -
The command to sync single users from external user backends like LDAP (
occ user:sync -u 'username'
) does not abort anymore if multiple users matching the search term are returned (e.g., 'alice' could return 'alice' and 'alice1'). It will only abort if none of the results matches the search term (e.g., 'alice' returns 'alice1' and 'alice2'). #36576 -
When sharing with both a user and a group with the same name, adjusting the permissions of the second entry works again. #36813
For Developers
-
The WebDAV Trash bin API and the WebDAV endpoint for public links (introduced with 10.3.0) have left the tech preview state. They are considered stable and are enabled by default.
-
The config.php option to enable/disable tech preview APIs (
'dav.enable.tech_preview' ⇒ true
) has been removed as it’s obsolete. #36815 -
A new OCS User Sync API to trigger user sync from external user backends has been added. This allows external user provisioning systems to push new users to ownCloud on demand and removes the necessity to do full user sync. #36428
Known Issues
Password Policy App
If the public link expiration policy "days maximum until link expires if password is not set" is enabled, sharing with users and groups will not work. A fix for this issue is currently being developed. If you have already upgraded to ownCloud 10.4.0, please disable this option until the fix is available and deployed on your system. #287
This issue has been resolved with ownCloud Server 10.4.1.
Sharing with Numeric UIDs
With Server 10.4.0 and 10.4.1, sharing resources with users that have numeric user ids (e.g., "123") does not work in some cases. #37324
Changes in 10.3.2
ownCloud Server 10.3.2 is a bug fix and maintenance release. You can read the full ownCloud Server changelog for further details on what has changed.
Notable changes
-
Guest sharing works now even when the sharing restriction
Restrict users to only share with users in their groups
is enabled #36384 -
When creating a public link on a received shared resource (reshare), users can now send the public link via mail using the web interface if the feature is enabled #36386
-
occ system:cron
now only shows output when errors occur or when the--progress
option is added #36298 -
occ files:transfer-ownership
does not collect shares outside of the given path anymore preventing errors #36222 -
The
accounts.enable_medial_search
config.php setting now also respects federated user search #36225 -
When using multi-bucket object storage, versioning information is now stored on the object storage instead of the database #36329
-
When using the
share_folder
config.php option, the defined folder and its parents can’t be shared anymore #36241 -
Files/folders can again be shared when a user and a group have the same name #35488
-
occ files_external:list
can now list mount options by adding--mount-options
#36420
Apart from this patch release, please consider the ownCloud Server 10.3.0 release notes, below.
Changes in 10.3.1
ownCloud Server 10.3.1 is a bug fix and maintenance follow-up release. You can read the full ownCloud Server changelog for further details on what has changed. It is recommended to schedule an upgrade to this version soon.
Apart from this patch release, please consider the ownCloud Server 10.3.0 release notes, below.
Changes in 10.3.0
Dear ownCloud administrator, please find, below, the changes and known issues in ownCloud Server 10.3 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
-
For improved compliance with the OpenCloudMesh protocol specification (Federation) a migration step will convert the fields of the
remoteId
column of thefederated_reshares
andshare_external
tables fromint
tostring
. This migration might increase the upgrade duration depending on the number of federated shares. -
A repair step has been added that drops the deprecated
contacts_cards_properties
table. This migration is not expected to increase the upgrade duration significantly. -
A housekeeping repair step for the
oc_properties
table removes existing entries which havefileid
with valuenull
and restrict the further creation of such. This repair step is not expected to increase the upgrade duration significantly.
Official PHP 7.3 support
ownCloud Server 10.3 officially supports PHP 7.3. The Server Core and all apps maintained by ownCloud have received a full QA cycle and are proven to work reliably with PHP 7.3. If you are still using version 5.6, you must upgrade PHP before upgrading ownCloud Server as it’s not supported anymore since ownCloud Server 10.2. If you are still running PHP 7.0 or 7.1, please plan an upgrade soon as these versions are or will soon be unsupported, respectively. See the system requirements in the ownCloud Documentation for more information.
PHP 7.0 Deprecation Note
As announced with ownCloud Server 10.0.8 and 10.2.0, support for PHP 7.0 is discontinued. The next minor version of ownCloud Server (around the end of 2019) no longer supports PHP 7.0. If you are still running on PHP 7.0, please make sure to plan an upgrade to PHP >= 7.2 to stay compatible.
Changes to background job execution
For code cleanup reasons, the execution of background jobs (e.g., for public link expiration, trash bin emptying, cleanup of old file versions) has been changed.
The following changes require manual interaction in your installation:
-
If you’re using System cron to trigger background job execution, there is a new
occ
command (occ system:cron
) which executes the background jobs. To make use of it, you have to change the entry incrontab
. Instead of executingcron.php
(e.g.,/usr/bin/php -f /path/to/your/owncloud/cron.php
), cron should useocc system:cron
(e.g.,sudo -u www-data ./occ system:cron
). As a fallback,cron.php
will continue to work with Server 10.3 but will be removed in a later version. -
If you’re using Webcron to trigger background job execution you now have to call the new route
../cron
instead of../cron.php
. As a fallback,../cron.php
will continue to work with Server 10.3 but will be removed in a later version.
See the occ documentation for more information. |
In a later version of ownCloud Server, cron.php will be removed.
Please apply the changes to ensure that background jobs continue to work.
|
If your ownCloud deployment is based on the official Docker images or the Univention appliance, these changes have already been applied for you. |
Media Viewer replaces Gallery and Video Player
The Media Viewer app has recently been released.
The Media Viewer is the next generation image and video file viewer for ownCloud.
It provides a foundation based on new technologies and officially supersedes the former gallery
and files_videoplayer
apps.
ownCloud Server 10.3 does not bundle gallery
and files_videoplayer
anymore.
Instead, it bundles files_mediaviewer
.
With this change, support and maintenance for gallery
and files_videoplayer
are discontinued.
More details on the Media Viewer can be found in the release blog post.
-
For a clean transition to Media Viewer, it is necessary to disable both deprecated apps before the upgrade using either the admin "Apps" panel in the web interface or via
occ
(e.g.,occ app:disable gallery
followed byocc app:disable files_videoplayer
). -
After the upgrade, enable the Media Viewer app via the admin panel or
occ app:enable files_mediaviewer
. -
It is not recommended to continue with the deprecated apps. However, if you want to do so, you can copy over the
files_videoplayer
directory from theapps/
folder of the previous ownCloud Server directory and obtaingallery
from the ownCloud Marketplace.
Please do not enable gallery /files_videoplayer and files_mediaviewer simultaneously, as these apps are mutually exclusive.
|
For more information on the Media Viewer app, visit the ownCloud Documentation.
OAuth2 and session handling improvements
Server 10.3 comes with improvements for session handling with Redis. These are designed to cope with issues encountered around duplicate session tokens, which make the ownCloud Clients lose their OAuth2 authorization from time to time, and force users to re-authenticate.
The session handling in ownCloud 10.3.0 has been generally improved, making user and client sessions more stable. If Redis is used for session handling, it is necessary to enable Session Locking to ensure that the mentioned issues no longer occur.
You can find out if Redis session handling is configured in your web server if you generate an ownCloud Configreport in the web interface. You will find the value session.save_handler set to redis .
|
-
It is recommended to use Redis Session Locking if Redis is used for session handling (minimum required version for
php-redis
is4.1.0
) -
Enable Redis Session Locking by setting
redis.session.locking_enabled = 1
inphp.ini
If Redis is just used as a memory cache or not in use at all, you do not have to apply changes. |
Please note that Redis Session Locking is not supported in clustered Redis environments. |
If your ownCloud deployment is based on the official Docker images or the Univention appliance, you do not have to apply changes as Redis is not used for session handling (unless you configured it differently using ENV variables). |
Restructured user/group sharing autocompletion
To cope with long user names or additional user information and to provide a better overview for users, the user/group sharing autocompletion dropdown has been restructured. The available information is now distributed vertically to improve space usage and user experience. Screenshots are available in the pull request. Other ownCloud clients will align with this behavior with the next releases.
SWIFT object storage as primary & secondary storage removed
Following the deprecation announcement with ownCloud Server 10.0.9, support for primary and secondary storage via the OpenStack SWIFT protocol has been removed. Please get in contact with ownCloud Support if you’re still using OpenStack SWIFT and want to upgrade.
S3 object storage as secondary storage is now a separate app
The extension to integrate S3 object storages as secondary storages (files_external_s3
) has been updated, unbundled from ownCloud Server (was previously part of files_external
) and released to the ownCloud Marketplace.
If you’re using S3 external storage mounts, you have to conduct some steps to ensure continuous operation after upgrading to Server 10.3:
-
After the upgrade to Server 10.3 has finished successfully, keep the maintenance mode activated and install/enable
files_external_s3
(either manually or via the Market app) as the app is not bundled with ownCloud Server anymore. -
If users were allowed to configure personal mount points before the upgrade, switch from maintenance mode into single user mode (
occ maintenance:singleuser --on
) and enable the option again by ticking the respective checkbox (Amazon S3) below "Allow users to mount external storage" (in Admin settings ⇒ Storage). -
Existing storage mount points will remain and do not have to be touched.
-
Make sure that everything works and disable maintenance/single-user mode to put the installation back into normal operations (
occ maintance:mode --off
/occ maintenance:singleuser --off
).
New HTTP APIs
ownCloud Server is being prepared for Phoenix, the upcoming web frontend for ownCloud. As Phoenix is separated from the backend and communicates only via HTTP APIs, it is necessary to complete the API coverage.
The following new HTTP APIs have been added with Server 10.3:
All new endpoints are currently in tech preview state and are mainly used for Phoenix development.
For this reason, they are disabled by default and have to be explicitly enabled using the new config.php option: 'dav.enable.tech_preview' ⇒ true,
.
Other Notable Changes
-
The
previews_path
config option has been added to allow customization of the thumbnail storage path (by default those reside in the user storage). #35131 -
An Activity entry is now shown when a share receiver unshares a share. #35193
-
The WebUI experience on mobile devices has been improved. #35919 #35813 #35347 #34803
-
The config.php options
proxy
andproxyuserpwd
will now be respected to enable federation when an instance needs to go through an authenticated proxy to reach a federated instance. Seeconfig.sample.php
and the Federated Cloud Sharing Configuration documentation for more information. -
The
occ files:scan
command is now case-insensitive for the userid. #35324 -
A new
config.php
option (dav.enable.tech_preview
) has been added to disable tech preview APIs by default. #36124 -
[PHOENIX] Support for redirecting links to ownCloud Phoenix frontend has been added by introducing a new
config.php
option which stores the address where Phoenix is reachable (e.g.,'phoenix.baseUrl' ⇒ 'http://phoenix.example.tld:port'
). #35819 -
The performance when loading groups of users has been improved. #35822
-
Memory handling for the trashbin expiry background job has been improved. #35708
Solved Known Issues
-
A new occ command,
encryption:fix-encrypted-version
, has been introduced to address issues related to encrypted files no longer being accessible. This originated from a security measure to avoid that encrypted files with the same content look identical. In some cases, users get aBad Signature
error when trying to access files. The new command corrects this behavior, making files accessible again. The command only needs to be run if users report the mentioned error. #115 -
If an instance uses the
share_folder
config.php option to gather incoming user shares in a specific folder, this folder cannot be deleted by users anymore. #35998 -
The
share_folder
config.php
option now also respects federated shares. #35396 -
The
user.min_search_length
config.php option now also respects federated users. #35977 -
Issues with database conversions using the
db:convert-type
occ command (e.g., SQLite to MySQL) have been fixed. This is still in an experimental state and should be tested thoroughly. Please provide feedback if you encounter issues. #35390 -
File integrity checking has been improved to prevent issues: If a checksum mismatch occurs after uploading a file, the uploaded file and its checksum is deleted to prepare for a clean re-upload. #35294
-
User/group sharing permission handling
-
When a share recipient shared a resource with a group the resource owner was a member of (reshare), the resource owner was unable to increase the permissions of the initial share. This has now been fixed. #35884
-
When a user shared a resource with a group, share recipients (members of the group) were able to remove the share altogether (instead of just unsharing from themselves). This has been fixed. #36120
-
-
External storages now return
StorageNotAvailable
correctly on temporary network failures to prevent associated issues (e.g., Desktop clients will not delete local folders anymore when the storage is temporarily not available). #35707 -
External storage: Multiple Google Drive external storages can be added again. #34987
-
The input fields in user administration are not captured by password manager autocompletion anymore. #35931
-
Storage encryption with a master key in an HSM: Recreating a master key works again. #128
For developers
-
Tech preview for WebDAV Trash bin API (disabled by default). #35716 #35879
-
Tech preview for OCS API for public link share email notifications (disabled by default). #36063
-
Tech preview DAV endpoint for public shares (disabled by default). #35932
-
Two-factor providers may now display custom challenge messages. #34848
-
The theming capabilities have been improved by allowing HTML for
Name
andLogoClaim
. Please check the changes to owncloud/theme-example if you are interested in making use of this in your theme. #35273 -
A new Roles API has been added to allow clients to query the server for available permissions/roles for user/group sharing and public links. In future client releases, this endpoint will be used to dynamically display roles/permissions depending on the server’s capabilities. You can find out more about it in the Roles API documentation.
-
A new, improved version of the "Advanced Sharing Permissions" JavaScript API (v2) has been added to allow ownCloud apps to register additional permissions/restrictions in user/group sharing. Version 1 of the API is still available in parallel. #35863
Known Issues
This section will be updated if further issues become known. |
-
WebDAV Locks: When a file in a folder is locked, exclusively locking the parent folder currently still works ("conflicting lock"; divergent from RFC 4918)
Changes in 10.2.1
ownCloud Server 10.2.1 is a bug fix and maintenance release taking care of several bugs and known issues. Please find, below, the changes in ownCloud Server 10.2.1 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed. It is recommended to schedule an upgrade to this version soon, especially if you’re running 10.2.0 already.
No occ upgrade is required when upgrading from 10.2.0. |
Improved Performance For Storage Encryption With Master Key
ownCloud Server offers two ways for key management with storage encryption.
Either a central master key pair or individual user key pairs are used to encrypt/decrypt data.
Previously both modes used the same mechanisms which resulted in potentially significant overhead when master key encryption was used as user key encryption relies on so-called share keys
which are necessary to allow share recipients to decrypt shared files.
With master key encryption, share keys
are redundant as you have one central key that can be used to decrypt all files.
Version 10.2.1 corrects this behavior by dropping share keys
for master key encryption, thereby increasing the performance dramatically, especially when sharing folders with many files as said keys do not have to be generated anymore for each file.
Solved Known Issues
-
Fixed reshare permission issue
An issue in the Sharing API allowed users to increase sharing permissions beyond their own permissions in a reshare scenario: When user A shares a folder "Project" with user B, granting only read and share permission, then the Sharing API allowed user B to reshare a subfolder of "Project" with user C granting full permissions or to create a public link on the shared folder, respectively. This undesired behavior is fixed with 10.2.1. -
Fixed issue with Sharing API and enforced public link expiration dates
An issue in the Sharing API caused the ownCloud clients to prevent users from creating public links when the option "Enforce expiration date" for public links is in use. This is now solved. -
Fixed known issue with user avatar paths
Version 10.2.0 accidentally changed the location of user avatars making them unavailable and storing uploaded avatar images in the wrong location. 10.2.1 restores the earlier behavior and provides a repair step to move back the avatar images uploaded with 10.2.0 to the right location. As it is not necessary nor possible to runocc upgrade
when upgrading from 10.2.0 to this patch release, if you are already running 10.2.0 then after installing 10.2.1 you need to runocc maintenance:repair -s 'OC\Repair\MoveAvatarIntoSubFolder'
manually to trigger the repair step. -
Fixed known issue with "Password changed" HTML emails rendered in plain text
-
Fixed use of invalid token on password reset
Password reset links sent to a user were invalid, if the user attempted to login using their e-mail address and an invalid password prior to filling out and submitting the Reset Password form. -
Fixed issue when removing a user from a group
Removing a user from a group using the user management UI resulted in an error that required the page to be refreshed to show the changes. This has been corrected. -
Added -y option to
occ encryption:encrypt-all
command
The occ commandencryption:encrypt-all
now offers a-y
option that can be used to automatically answer potential questions with "yes" which is particularly important for automated deployments with Ansible or similar tools. -
Fixed an issue with loading JS files when multiple apps folders are in use
Previously ownCloud would have taken the files from theapps/
folder even though there might be newer versions in e.g.apps-external
. This has been changed so that ownCloud will always take the files from the most recent app version.
Apart from this patch release, please consider the ownCloud Server 10.2.0 release notes. |
Changes in 10.2.0
Dear ownCloud administrator, please find, below, the changes and known issues in ownCloud Server 10.2 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Migrations
Please note that this minor release contains database migrations which impact the upgrade duration. Specifically:
-
The
oc_share
table has a new column. The time the upgrade takes for this change depends on the number of shares in your ownCloud installation. -
The
oc_authtoken
table’s login name column size has been increased. The time the upgrade takes for this change depends on the number of recently logged in users, and the number of app passwords that have been created.
PHP 5.6 Deprecation
Following up the PHP 5.6/7.0 deprecation notice in the ownCloud Server 10.0.8 releases ownCloud Server 10.2 does not support PHP 5.6 and some apps no longer support older PHP versions. Additionally, PHP 7.3 support will be available in an upcoming version.
If you’re still running PHP 5.6, you must upgrade to PHP 7 before upgrading to ownCloud Server 10.2. Please be aware that apps that do not support outdated PHP versions will not upgrade.
To allow for additional upgrade time, version 10.2 still supports PHP 7.0, because some of the major Linux distributions continue to support it. However, support for PHP 7.0 will be discontinued in an upcoming version of ownCloud 10, to enhance both security and performance. To prepare for this change, we strongly encourage you to begin planning an upgrade as soon as possible.
Advanced Sharing Permissions
The new server version introduces the means for extensions to implement additional, advanced permissions for user and group sharing. This feature increases sharing flexibility and opens the doors for extension developers to introduce new functionality based on sharing permissions.
Especially, considering collaborative editing solutions, this addition provides the foundation for mode-based document sharing, such as "view-only", "comments-only" or "enforce change tracking". In the future, such advanced permissions should significantly improve the security as well as the usability of review processes, working on Office documents collaboratively, or exchanging information securely.
Based on the new capabilities a set of features has been developed together with Collabora Online, called Secure View. Secure View is designed to enable information distribution processes for sensitive data, meaning that information can be provided securely yet can — under no circumstances — leave the platform.
Practically, it enables users to share documents (such as docx, xlsx, pptx, and PDF files) in such a way that the recipient can’t edit, download, copy and paste, nor print them. Additional protection for screenshots and photos is provided by watermarks which display user information. What’s more, users can decide to allow printing and exporting of documents protected by watermarks as well.
More Granular Permissions for Public Links on Folders
With ownCloud Server 10.2, the former "Download / View / Upload" permission has been renamed to "Download / View / Edit", as this better reflects its behavior (full permissions). Additionally, a new permission ("Download / View / Upload") has been introduced which allows recipients to view, download, and upload contents but not to make any changes to existing content (e.g., rename, move, delete, update). Another way of looking at it is as a public file drop folder for distributing and gathering information with a single link, yet which prevents recipients from altering the existing content.
Storage Encryption with Master Key in HSM
With version 10.2, ownCloud Server officially supports storage encryption with master keys stored in hardware security modules (HSM). In contrast to regular master key-based storage encryption, which stores the keys on the storage, storage encryption with keys in an HSM allows administrators to completely prevent anyone with access to the storage from accessing the data stored in ownCloud.
As a result, the bundled encryption
app has been updated to support HSM, and a standalone service (hsmdaemon
) that connects ownCloud Server and the HSM device is now available within ownCloud Enterprise Edition.
To get started with storage encryption and HSM, please get in touch with us.
For more information around the different encryption types ownCloud offers, consider this whitepaper.
Background Job for Change Detection of Nested Federated Shares
When using federation to share data across ownCloud instances, deeply nested folders (e.g., folders with many sub-items) are not discovered automatically for performance reasons. This leads to several issues such as the ownCloud Desktop Client not being able to synchronize newly added or changed content unless the user navigates down the hierarchy using the web interface, which manually triggers content discovery.
Also, the size of such folders can’t be calculated, showing "Pending" instead, until the discovery is manually triggered.
To help alleviate this problem, a new occ
command has been introduced.
It can be executed regularly as a background job to discover federated shares (occ incoming-shares:poll
).
This is aimed at handling this issue while providing the means for administrators to control resource usage.
When using federation, it is recommended to execute occ incoming-shares:poll
regularly using Cron jobs.
The time interval to choose between executions is a trade-off between the availability of changes in federated shares and resource consumption, which naturally depends a lot on the number of federated shares and the frequency of changes within those shares.
Executing the command once per 12 hours should be safe enough for any instance. However, the interval could be reduced to once per 2 hours for instances with a low number of federated shares.
Depending on the desired resource consumption this value should be lowered or increased based on individual expectations. To find a value that fits a specific setup, it is recommended to execute the command once, measure the execution time and set the interval so that the background job can finish before the next execution is triggered.
New Option to Automatically Accept Federated Shares from Trusted Servers
ownCloud Server 10.0.9 introduced the Pending Shares feature which allows users to decide whether or not they want to accept local user shares instead of just making the decision for them, giving more control thereby. In contrast, Federated shares always had to be accepted as they can originate from external, potentially untrusted, sources.
ownCloud Server 10.2 introduces a global option to automatically accept federated shares originating from trusted servers. This option enables providers of several instances (e.g., an external and an internal instance) to facilitate or automate data exchange between them, not requiring users to accept shares.
For security reasons, federated shares from untrusted servers will never be accepted automatically. |
New Privacy and Self-Service Options for Users
In the spirit of self-service, ownCloud Server 10.2 introduces new options for users that previously were reserved for global admin settings:
-
As discussed in the section above, there are global options for Pending Shares regarding federated as well as regular user/group shares. To give users more control over the sharing behavior in the scope of their account, user-based override options were introduced that allow users to enable/disable Pending Shares for themselves if the instance’s global setting is disabled (when "Automatically accept new incoming local user shares" is enabled). The two new checkboxes can be found in the 'Sharing' settings panel of personal settings.
-
In addition to the option "Allow username autocompletion in share dialog" in the global 'Sharing' settings, users can now autonomously decide to opt-out of autocompletion to protect their privacy. When enabled, other users need to enter a user’s full identifier to be able to share with them. This option is not a general override but an opt-out, meaning it can only be used when "Allow username autocompletion in share dialog" is enabled. The new checkbox is available in the 'Sharing' settings panel of personal settings.
Other Notable Changes
-
Added email footer with motto in email for changing passwords. If you use customized email templates, it is necessary to adapt those to incorporate the footer. Please compare the original templates with your custom templates (
core/templates/lostpassword/notify.php
andcore/templates/lostpassword/altnotify.php
). -
Repair steps can now be executed individually in case one would need to be run again. Repair steps are employed to clean up and resolve issues from former versions. Usually, they run during upgrades, but some scenarios make it necessary to rerun them. To save time when only specific steps need to be taken, administrators can now individually execute them using
occ maintenance:repair --list
andocc maintenance:repair --single "<repair step>"
. -
Command for the first run wizard to reset for all users. In some cases, administrators customize the First Run Wizard in order to distribute information to users. Using
occ firstrunwizard:reset-all
you can reset the popup so that it will appear for each user upon their next login. -
Added checkboxes to hide quota and password in user management. The columns in user management have been made more flexible. Using the bottom left cog wheel you can now show/hide the columns for Quota and Password.
-
By default, the "apps-external" directory is included in config.php during installation. For new installations, there will be two apps directories so that the bundled apps are distinguishable from the apps that were installed or updated by the administrator. Existing installations will not change but, generally, this separation is recommended in all scenarios, as it makes upgrading easier and less error-prone.
-
Update the
occ files:scan
--group
and--groups
options. Theocc files:scan
command is used to scan resources on the storage and make them available in ownCloud. While previously it could only be used for all or single users and groups of users, you can now also execute it for groups where the group name contains a comma. -
Allow administrators to enable/disable medial search for users and groups. Medial search is used to get search results when typing keys within a search term in autocomplete fields (e.g. when typing "ter" you’ll find "Peter"). Depending on the configuration of available search terms (e.g., attributes from LDAP), search results can deliver better results without medial search. For these reasons medial search can now be enabled/disabled for user (
'accounts.enable_medial_search'
) and group ('groups.enable_medial_search'
) search. See config.sample.php for more information. -
Added a new occ command,
background:queue:execute
, for running cron jobs manually. -
Added two new
occ background:queue
commands:status
anddelete
.-
status
lists the current background job queue status -
delete
removes a single background job, identified by its id.
-
Solved Known Issues
-
Fixed public link share default expiration behavior #34971. Previously, when a default expiration date for public links had been set by an administrator (without enforcement option), the default value has been applied upon link creation even when a user removed it. The only way to create a link without expiration date was to subsequently edit it and remove the expiration date. This has been fixed to work as expected.
-
Better support for international email addresses after Swiftmailer update #34759
-
Improved speed of apps list settings page by caching integrity check results #34584
-
Improved upgrade speed when migrating avatars from oC < 10 #34592
-
Improved performance and memory usage of account sync service #34546
-
Store quota overrides in the
oc_preferences
table #34467. In former versions, functionality has been introduced to preserve quota values either imported via LDAP attributes against manual changes by the administrator in ownCloud user management, or via the provisioning API. This functionality works again properly. If you sync accounts from LDAP and have a quota attribute specified in LDAP, eachuser:sync
run will set the quota values to the ones from LDAP, no matter if they were changed manually. -
Images are again properly rotated now based on EXIF rotation, also affects gallery app #34356
-
An exception is logged when a background job class is not found - 34723
Known Issues
This section will be updated if further issues become known. |
-
Server 10.2 accidentally changes the location of user avatars on the storage from
data/avatars/..
todata/..
, making existing avatars unavailable and storing uploaded avatar images in the wrong location. The next release will correct the behavior. -
The HTML email that confirms a successful password change is rendered in plain text. Please apply this patch to fix the issue.
-
WebDAV Locks: When a file in a folder is locked, exclusively locking the parent folder currently still works ("conflicting lock"; divergent from RFC 4918)
For Developers
-
It is now possible for apps to specify extra permissions for shares #34951
-
Add before-after share link auth events #34399
-
Add events for user preference changes #34820
-
Added CORS headers for many existing API calls, required for Phoenix #34476
-
Remove classes that were deprecated since OC 8.0.0: OCP\Config, OCP\PERMISSION_XXX, OCP\Template #34927
-
A capability has been added to the Capabilities API to allow clients to check whether the server supports the details parameter for private links, e.g., as a direct link to a resource’s sharing or versions tab in the web interface #35104
Changes in 10.1.1
ownCloud Server 10.1.1 is a hotfix follow-up release that takes care of an issue with loading updated apps. Instead of updating the app versions to their new values in the database, the old version value is written causing the process to repeat with every request.
This issue can cause high load on the database, especially in large installations. If you have already upgraded to 10.1.0, we strongly recommend upgrading to 10.1.1. You can expect minimal downtime for the upgrade to this patch release.
Apart from this patch release, please consider the ownCloud Server 10.1.0 release notes.
Changes in 10.1.0
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.1 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Semantic Versioning
Starting with this release, ownCloud Server and the app ecosystem will follow the principles of Semantic Versioning. This step was taken to benefit operators by clearly indicating the contents and upgrade procedures of new releases via version numbers. Practically, the versioning scheme will follow the "Major.Minor.Patch" (or "Breaking.Feature.Fix") format. App developers need to re-release their apps to make them compatible with the new version. For details, please refer to this blog post.
Change Management for Server Updates
occ upgrade
pulls app updates from the ownCloud Marketplace to make sure that not only the Server itself but also the installed apps are kept up-to-date. In line with the new versioning principles occ upgrade
as well as the Market App now make a difference between major and minor app updates. Practically, this means that during a minor Server upgrade only new minor app versions will be installed. This is to make sure that apps with breaking changes will not be automatically installed when upgrading the Server. The --major
option for occ upgrade
and occ market:install
provides the means for administrators to force installing new major app versions. Additionally, the Market App now includes a version picker to enable administrators to choose which version of an app they want to install or upgrade to.
MS Office Online Server Compatibility
Version 10.1 delivers all the prerequisites to be compatible with the Microsoft Office Online Server Integration (WOPI) that is about to become available. This enables providers to integrate ownCloud Server with Microsoft’s Office Online Server which brings users the benefits of working on Office documents in the browser as well as collaboratively with other users. The integration will work with MS Office Online Server (on-premise) out-of-the-box. We kindly ask you to get in touch with us if you want to make use of the Office 365 (cloud) version of Office Online.
WebDAV Locks
ownCloud Server 10.1 introduces WebDAV Locks that allow clients to lock and unlock resources to prevent other users from making changes. The feature has been implemented as a prerequisite for manual file locking and MS Office Online Server compatibility. In the current state, file locking is only available via API. Users can recognize locked files via the "lock" icon in the file list. Additionally a lock owner (the user who locked the file) can manually unlock them via the "Locks" tab in the right sidebar. The "Locks" tab will only appear for files that have active locks.
Foreign Keys in Database
Please note that foreign keys have been added with the :WebDAV Locks feature. This is the first time ownCloud implements foreign keys.
How Does This Affect Each Database
MySQL
MySQL supports foreign keys. They are enabled by default.
MariaDB
MariaDB supports foreign keys. They are enabled by default.
PostgreSQL
PostgreSQL supports foreign keys. They are enabled by default.
SQLite
Foreign keys are, by default, disabled in SQLite. You must ensure that foreign keys are enabled in your SQLite installation. Here is what the current documentation says about enabling foreign key support:
To enable foreign key support, the library must be compiled with neitherSQLITE_OMIT_FOREIGN_KEY
orSQLITE_OMIT_TRIGGER
defined. IfSQLITE_OMIT_TRIGGER
is defined butSQLITE_OMIT_FOREIGN_KEY
is not, then SQLite behaves as it did prior to version 3.6.19 (2009-10-14) - foreign key definitions are parsed and may be queried using PRAGMA foreign_key_list, but foreign key constraints are not enforced. The PRAGMA foreign_keys command is a no-op in this configuration. IfSQLITE_OMIT_FOREIGN_KEY
is defined, then foreign key definitions cannot even be parsed (attempting to specify a foreign key definition is a syntax error).
SQLite is not recommended for production deployments. |
Oracle
Oracle supports foreign keys. They are enabled by default.
Federation: Compliance with proposed OpenCloudMesh 1.0 specification
Federation enables instances of ownCloud and other supporting platforms to exchange information. It allows users to share data across installations building a worldwide collaboration network of decentralized nodes - each under the full control of it’s provider. Together with the other vendors the underlying OpenCloudMesh API specification has been shifted to a new level to clean up the interface, improve its stability and to set the foundation for future feature improvements. ownCloud Server 10.1 is compliant with the new specification proposal. The introduction of the new specification does not involve changes in functionality for users.
New Collaborative Tags Scope: Static Tags
Version 10.1 comes with a new scope for Collaborative Tags called "Static Tags". In addition to the other tag scopes, these tags are intended to be supplied by administrators and linked with policies in the File Firewall, Document Classification or Workflows, for example. Every user will be able to see these tags assigned to files but only users in specified groups have the permission to assign or unassign them. This makes it possible to equip certain users with the means to impose pre-defined policies upon files. To create such tags administrators need to use the Collaborative Tags Management extension.
Other notable changes
-
The user/group deletion in the users page now has a confirmation dialog to prevent unintentional user deletion
-
The default public link share name has been changed to be "Public link" instead of formerly the file or folder’s name
-
Allow loading JSON files in setups with pretty URLs. Please check that the .htaccess file has updated automatically. If not, see https://github.com/owncloud/core/pull/32718/files for the required change.
Solved Known Issues
-
LDAP users can upload avatars again #33369
-
Versions list performance improvements #33291
-
Improved compatibility with third party WebDAV applications (fixed PROPFIND with depth infinity requests through Sabre update) #28341
-
Fixed
occ encrypt-all
command to not attempt re-encrypting already encrypted files #33206
Known issues
-
WebDAV Locks: When a file in a folder is locked, exclusively locking the parent folder currently still works ("conflicting lock"; divergent from RFC 4918)
For Developers
-
Added "getBucket" method to HomeObjectStore to fix S3 issue #33513
-
Public JS utility function for email validation #33699
-
If only the patch level of an app’s version changes no migrations will run when updating #33218
-
Deprecated Sharing 1.0 PHP APIs which will be removed in ownCloud 11 #33220
-
Add "uid" argument to Symfony login events for consistency #33470
Changes in 10.0.10
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.0.10 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Official PHP 7.2 Support
After announcing the future deprecation of PHP 5.6 and 7.0 with the 10.0.8 release, ownCloud Server now follows up by officially adding PHP 7.2 support. The Server Core and all apps maintained by ownCloud have received a full QA cycle and are proven to work reliably with PHP 7.2. ownCloud Server is also being prepared for PHP 7.3, which is scheduled to become available by the end of 2018.
If you are still using versions 5.6 or 7.0, please plan an upgrade to 7.2 soon. See the system requirements in the ownCloud Documentation.
With PHP 7.2 some extensions have changed. If you have not yet upgraded, you need to install php-openssl .
See #30337 for more information.
|
New Local User Creation Flow
In previous versions, administrators created local users by entering a username and a password. In many cases this is undesirable, as administrators set the password for new users and need to provide it via a second communication channel. For this reason the local user creation flow has been changed to expect a username and an email address, which will be used to send an activation link to new users.
This way user creation is easier and more secure as new users are informed automatically and can choose a password in self-service. For cases where administrators want to set the initial password, it’s possible to deviate from the default by setting the option "Set a password for new users" on the bottom left settings cog. The former option "Send email to new users" has been removed, as this change made it obsolete.
HTTP API for Search
ownCloud Server 10.0.10 introduces an HTTP API for search functionality. It enables the use of search terms to query the server and the delivery of search results via HTTP (WebDAV). In upcoming releases, ownCloud clients will make use of it to search content on the server, without the need to have them available locally.
In combination with the Full-Text Search integration, which is soon to be released as an ownCloud Server extension (Community Edition), HTTP API for Search will boost usability and productivity for users. For example, they will be able to search through all the content which they store in their account and quickly find files on their smartphones.
Native Brute-Force Protection
Together with the new server version, another security-enhancing extension is available, Brute Force Protection. This extension is tasked with preventing attackers from guessing user passwords (brute-force attack) by delaying subsequent failed login attempts for a user account from the same IP address.
While in the past similar functionality was only achievable via third party applications, such as Fail2Ban, this extension provides the functionality natively, configurable by ownCloud administrators on the Security settings section.
The new extension supersedes the former Security extension together with the new Password Policy extension, which has been released with ownCloud Server 10.0.9. This community-contributed extension is well-tested, but out of ownCloud’s general support scope. However, individual support can be obtained on request.
Improved Reliability for Uploads Via Web Interface on Unreliable Connections
The reliability of the file upload feature in the ownCloud web interface has been improved. When uploading larger amounts of data on unreliable connections (e.g., on the train or with mobile data) you have to deal with interruptions and timeouts, which in the past required users to restart stalled uploads from the beginning in the worst case.
On top of ownCloud’s chunking mechanism, which splits large files into pieces and uploads them separately, there’s new logic that takes care of retrying stalled chunks. With this, uploads can now continue from the point they froze when a connection becomes available again.
New Option to Prevent Sharing With Specific System Groups
System groups in ownCloud can have many purposes. They can be used for sharing with many users at once, for feature and access restrictions, or for storage mounts to specific users - just to name a few. In some cases, especially in larger deployments, it’s undesirable that groups which are used for other purposes are also available for sharing. To prevent users from sharing with such groups, administrators can now blacklist the respective system groups using the option "Exclude groups from receiving shares" in the administration settings "Sharing" section.
New Options for the occ Command to Reset User Passwords
The occ command user:resetpassword
allows system administrators to reset or change user passwords.
It has been extended to provide the additional options --send-email
and --output-link
, which can be used to send a password reset link to the user via mail and output the password reset link to the command line, respectively.
This change is in line with the new local user creation flow, which is explained above, and can also be used for further processing with scripts.
See the ownCloud Documentation and the --help
option for more information.
New Default Minimum Supported Desktop Client Version
To ensure clean and reliable operation of the ownCloud platform it is important to stay up-to-date with the latest releases for the server as well as the clients.
To take care of compatibility between the server and desktop clients, the minimum version the server will accept connections from has been raised to version 2.3.3
.
While it’s recommended to keep up with later versions, this is the new default value.
It can be changed by altering the config.php parameter 'minimum.supported.desktop.version' ⇒ '2.3.3',
if absolutely necessary.
New Option to Configure the Language of Mail Notifications for Public Links
Usually ownCloud renders mail notifications in the language of the recipients, when they are known. For the recently improved feature to send public links with a personal note directly from the user interface, the recipients' language can’t be determined automatically, it just knows the recipients' mail addresses.
ownCloud therefore uses the language of the user who sent the notification, which can have the drawback that recipients can’t understand them. This is still the default behavior but administrators can now change it via a dropdown menu "Language used for public mail notifications for shared files" in the settings "Sharing" section.
Theming Changes
Mail templates for share notifications do not strip line breaks from the personal note anymore.
This affects the HTML (core/templates/mail.php
) and plain text (core/templates/altmail.php
) mail templates.
The default templates shipped with ownCloud Server 10.0.10 have been modified to accommodate these changes.
If your custom theme overrides these templates, you have to follow up with the changes:
-
Replace the following line of the HTML template
p($l→t("Personal note from the sender: %s.", [$['personal_note']]));
withprint_unescaped($l→t("Personal note from the sender: <br> %s.", $['personal_note']));
. -
Replace the following line of the plain text template
print_unescaped($l→t("Personal note from the sender: %s.", [$['personal_note']]));
withprint_unescaped($l→t("Personal note from the sender: \n %s.", $['personal_note']));
.
Other Notable Changes
-
Allow automated SSL certificate verifications for CAs other than Let’s Encrypt. See #31858 for further details.
-
"/" and "%" are now valid characters in group names. See #31109 for further details.
-
New audit events for login action with token or Apache. See #31985 for further details.
-
Log entries for exceeding user quota: Loglevel changed to "debug" (Insufficient storage exception is now logged with "debug" log level).
-
The app for embedding external sites to the app launcher ("external") now supports icons that originate from theme apps.
-
The occ command to deactivate storage encryption (
occ encryption:decrypt-all
) has received stability improvements and can now read the required recovery key from an environment variable which is very helpful for a scripted per-user decryption process.
Solved Known Issues
ownCloud Server 10.0.10 takes care of 10.0.9 known issues and provides remedies for several others:
-
The Password Policy extension now works with two- or multi-factor authentication extensions. See #32058 for further details.
-
The
Versions
feature now works also when theComments
app is disabled. See #32208 for further details. -
E-mail addresses with subdomains with hyphens are now also accepted for public link emails. See #32281 for further details.
-
Allow null in "Origin" header for third party clients that send it with WebDAV. See #32189 for further details.
-
Properly log failed message when token based authentication is enforced (Fail2Ban). See #31948 for further details.
-
Deleting a user now also properly deletes their external storages and storage assignations. See #32069 for further details.
-
Lockout issues with wrong passwords for Windows Network Drives are mitigated: Fixed mount config in front-end to only load once to avoid side effects. See #32095 for further details.
-
Fixed update issue related to oc_jobs when automatically enabling market app to assist for update in OC 10. See #32573 for further details.
-
Fixed missing migrations in files_sharing app and add indices to improve performance. See #32562 for further details.
-
Fixed issue with spam filters when sending public link emails. See #32542 for further details.
Known Issues
Currently there are no known issues with ownCloud Server 10.0.10. This section will be updated in the case that issues become known.
For Developers
-
Search API for files using WebDAV REPORT and an underlying search provider. See #31946 and #32328 for further details.
-
Add information whether user can share to capabilities API. See #31824 for further details.
-
Hook
loadAdditionalScripts
now also available for public link page. See #31944 for further details. -
Added URL parameter to files app which opens a specific sidebar tab. See #32202 for further details.
-
Allow slashes in generated resource routes in app framework. See #31939 for further details.
-
The app for embedding external sites to the app launcher ("external") has been moved to a separate repository. It is still bundled with ownCloud Server releases and can be used normally.
Changes in 10.0.9
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.0.9 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
New Features
Pending Shares
ownCloud Server 10.0.9 introduces new features to close usability gaps and to give users more control over incoming shares. Previously, shared contents would appear, unannounced, in the receiving user’s file hierarchy, and clients would start synchronizing.
Incoming shares can now have a pending state, offering the ability to accept or decline (as known from federated sharing). We anticipate that this will provide a better user experience.
In addition, the recently introduced notifications framework is being used to inform users via mail.
The bell icon in the web interface and the ownCloud Desktop Client can additionally be used to take action.
To switch to the new behavior administrators need to disable the configuration option
Automatically accept new incoming local user shares
in the Sharing settings section.
By default the option will be enabled to preserve the known behavior.
Mail notifications do not, currently, support asynchronous batch processing. For this reason, ownCloud will send notification emails directly when initiating shares between users. Due to this limitation, sharing with large groups (> 50 users) can take some time and might cause load peaks. When operating installations with large groups, it is, therefore, not yet recommended to enable the feature.
Overview of pending & rejected shares
In addition to the "Pending Shares" feature, ownCloud Server now provides the means to view "accepted", "pending" and "rejected" incoming shares. Leveraging the "Shared with you" filter in the left sidebar of the files view users can now list all incoming shares, their respective states and have the ability to switch between the states easily.
This improvement not only empowers users to accept rejected shares subsequently but also to restore shares that have been unshared before without requiring the owner to share it again.
Password history and expiration
To prepare ownCloud Server for new capabilities in the authentication process, we have introduced an authentication middleware, and a new major version of the Password Policy extension is now available.
The Authentication Middleware
It:
-
Offers a defined way of inserting mandatory functionality between user authentication and user account access. For example, forcing users to accept legal agreements.
-
Affords the ability to interact with the user during the login process, such as retrieving user details like their email address.
The authentication middleware is currently focused on offering new features for the Password Policy extension. |
The Password Policy Extension
The Password Policy Extension has got a new major release and has been relicensed (OCL ⇒ GPLv2) to be available for community and standard subscription users as well. It now supports password expiration and history policies for user accounts.
These features don’t apply to users imported from LDAP or other backends but only for local users created by administrators or the Guests extension. |
Imposing password expiration and history policies enhances security for a number of reasons. For example, by forcing users to choose a new password, they can be prevented from using one or more of their previous passwords. In doing this, it encourages them to not use a previous password, which may be known to attackers.
Two further examples are manually expiring passwords and configuring the number of days that have to pass since the last change before the password expires. These help ensure that users change their passwords on a semi-regular basis, making them harder to crack.
However, we encourage administrators to always consider the implication of their password policies, so that they strike an appropriate balance between security and usability. For example, a high frequency of password changes, for instance, might increase security but could also decrease user satisfaction.
To help ensure a good user experience it is possible to configure:
-
Email notifications.
-
Internal notifications (they appear on the web interface and clients).
-
The password history count.
-
The days before reminder notification are sent.
Users will always be informed when passwords have expired.
Although the above two password practices are discouraged by NIST, ownCloud is now fully compliant with common password guidelines in enterprise scenarios. |
When users employ tokens for client authentication, which can be configured on the user settings page ("App passwords"), those are not affected from password policies. |
When imposing password expiration policies on an existing installation it is necessary to take some further actions. Please consult `the ownCloud documentation`_ for guidance. |
Technology preview for new S3 Objectstore implementation
ownCloud Server 10.0.9 comes with the prerequisites to be ready for the new S3 Objectstore implementation "files_primary_s3", which will massively improve performance, reliability and protocol-related capabilities. The new extension is available as a technology preview via the ownCloud Marketplace and will supersede the current Objectstore extension.
It has received extensive testing and is in very good shape. However, there is no out-of-the-box migration from the current Objectstore to files_primary_s3 as this will require individual guidance.
Due to changes to the Versioning API, the ownCloud Ransomware Protection is not yet compatible with files_primary_s3. For now the Objectstore extension will continue to work as usual. Once the new implementation leaves the technology preview state and migrations have been taken care of, the current implementation will be deprecated.
SWIFT Objectstore Deprecation
As the markets are moving in the direction of the S3 protocol to communicate with object storages, ownCloud will follow this path with a clear focus. To do this, it will be a necessity to deprecate object storage via the OpenStack SWIFT protocol.
The extension will still be available as part of ownCloud Server, but it will neither be maintained nor developed any further by ownCloud, and support will be discontinued. Please make sure to move to the S3 protocol to use object storage as primary storage with future ownCloud Server versions.
New options to display Imprint and Privacy Policy
To enable GDPR and legal compliance in various jurisdictions for ownCloud providers, it is now possible to specify links to Imprint and Privacy Policy:
-
In the "General" Administration settings section
-
Via the following OCC commands:
-
sudo -u www-data ./occ config:app:set core legal.imprint_url <link>
-
sudo -u www-data ./occ config:app:set core legal.privacy_policy_url <link>
-
These links can be displayed on all pages of the ownCloud web interface and in the footer of mail notifications. When using one of the default themes provided by ownCloud, as well as the default mail templates, configured links will be automatically included.
For customized themes or mail templates, actions are required to include the links. These are:
Add the following at the end of each HTML template to add the footer:
<?php print_unescaped($this→inc('html.mail.footer', ['app' ⇒ 'core'])); ?>
Add the following at the end of each plain text template to add the footer:
<?php print_unescaped($this→inc('plain.mail.footer', ['app' ⇒ 'core'])); ?>
In a custom theme, change getShortFooter
and getLongFooter
in defaults.php
without links to
include the links
Changed behavior of "Exclude groups from sharing" option
The option "Exclude groups from sharing", in the administration settings "Sharing" section, enables administrators to exclude groups of users from the ability to initiate file shares. In previous versions this restriction only applied to users who were members of exactly these groups (membership of one or more non-excluded groups bypassed the restriction).
This behavior has been changed to be both more restrictive and to better cover the expectations of administrators. With ownCloud Server 10.0.9, it will apply to all users who are members of at least one of the excluded groups.
Changes to the sharing autocomplete mechanism
In ownCloud Server 10.0.8, the value for minimum characters to trigger the sharing autocomplete mechanism <min-chars-for-sharing-autocomplete-label> has been made configurable and set to 4 by default. As this security-enhancing change came at the expense of usability, and might only be required in special scenarios, the default value has been reverted to 2.
For increased security requirements, the config.php
option
'user.search_min_length' ⇒ 2
can be adjusted. To further improve
usability, a hint has been added to inform users about the required
character count, to get suggestions.
Improvements for occ user:list
To improve the usability of the occ user:list
command, the output has
been made configurable by using the -a
option, for including certain
attributes. This change has mainly been introduced to facilitate
automation tasks. Check the --help
option for more information.
Additional events for audit logging
New events are available for audit logging, among others. These include:
-
Changes in user-specific settings
-
Sending public links via mail; and
-
Accepting and rejecting shares
When logs are forwarded to external analyzers, like Splunk,
administrators can check to add the new events. The latest version of
the Auditing extension (admin_audit
) is required.
Theming Improvements and Changes
-
HTML templates for
lost password
mails have been added. This is important in case a custom theme is used and it needs manual adjustments. -
The mail notifications framework, introduced with ownCloud Server 10.0.8 <new-mail-notifications-feature-label>, has been extended to provide a basic framework and notification structure, which can be used by ownCloud features and third party extensions. To support this, mail template wording and structure have been updated. Please review the templates in
apps/notifications/templates/mail/
to align them with your needs. -
Mail templates can now include a footer for HTML (
core/templates/html.mail.footer.php
) and plain text mails (core/templates/plain.mail.footer.php
). The default templates shipped with ownCloud Server 10.0.9 contain the respective references. For customized mail templates, it is necessary to manually add the references. To do so: -
Add the following at the end of each HTML template: :
<?php print_unescaped($this->inc('html.mail.footer', ['app' => 'core'])); ?>
-
Add the following at the end of each plain text template: :
<?php print_unescaped($this->inc('plain.mail.footer', ['app' => 'core'])); ?>
-
The ownCloud example theme (
theme-example
), which can be used as a solid base to create custom themes, is no longer bundled with ownCloud Server. It now lives in its own repository on GitHub.
Solved Known Issues
ownCloud Server 10.0.9 takes care of 10.0.8 known issues, and provides remedy for several others:
-
Issues with multiple theme apps and the Mail Template Editor #31478
-
OCC command to transfer data between users (
occ transfer:ownership
) works as expected again. Previously, public link shares were not transferred. See #31176 for further details. -
OCC commands to encrypt (
occ encryption:encrypt-all
) and decrypt (occ encryption:decrypt-all
) user data work correctly again. Previously, shares might have been lost during the encryption process. See #31600 and #31590 for further details. -
Files larger than 10 MB can now properly be uploaded by guest users. See #31596 for further details.
-
Issues with public link dialog when collaborative tags app is disabled has been resolved. See #31581 for further details.
-
Enabling/disabling of users by group administrators in the web UI works again. See #31489 for further details.
-
Issues with file upload using Microsoft EDGE are now circumvented (hard memory limit of 5 GB causing uploads to fail randomly as garbage collection for file chunks did not work properly). See #31884 for further details.
Known Issues
-
Does not work together with Multi-Factor Authentication (e.g.
twofactor_totp
,twofactor_privacyidea
). Please do not deploy expiration policies yet when having Two- or Multi-Factor Authentication extensions in place. This issue will be solved with the next ownCloud Server release. See #32059 for more information. -
The new Password Policy feature "Password Expiration" includes an occ command to manually force password expiration. Please run it directly after imposing expiration policies on an instance with existing users. Currently the command will only work when the policy X days until user password expires has been enabled. This might be confusing and will be solved with the next release of the extension. See #66 for more information.
For Developers
-
The symfony event for logging has been extended to include the original exception when applicable: #31623
-
Added Symfony event for whenever user settings are changed #31266
-
Added Symfony event for whenever a public link share is sent by email #31632
-
Added Symfony event for whenever local shares are accepted or rejected #31702
-
Added public WebDAV API for versions using a new
meta
DAV endpoint #31729 #29637 -
Added support for retrieving file previews using WebDAV endpoint #29319 #30192
Changes in 10.0.8
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.0.8 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
PHP 5.6 deprecation
PHP 5.6/7.0 active support has ended on January 19th 2017 / December 3rd 2017 and security support will be dropped by the end of 2018. Many libraries used by ownCloud (including the QA-Suite PHPUnit) will therefore not be maintained actively anymore which forces ownCloud to drop support in one of the next minor server versions as well. Please make sure to upgrade to PHP 7.1 as soon as possible. See the system requirements in the ownCloud documentation.
Personal note for public link mail notification
One of the usability enhancements of ownCloud Server 10.0.8 is the possibility for users to add a personal note when sending public links via mail. When using customized mail templates it is necessary to either adapt the shipped original template to the customizations or to add the code block for the personal note to customized templates in order to display the personal note in the mail notifications.
New mail notifications feature
ownCloud Server 10.0.8 introduces a new extensible notification framework. Apart from technical changes under the hood the Notifications app can now also send mails for all notifications that previously were only displayed within the web interfaces (notification bell) or on the Desktop client (notifications API) like incoming federated share or Custom Group notifications, for example. In the "General" settings section users can configure whether they want to receive mails for all notifications, only for those that require an action or decide not to get notifications via mail (by default users will only receive notifications when an action is required).
LDAP-related improvements
-
When disabling or deleting user accounts in LDAP, the administrator can choose to either delete or disable respective accounts in ownCloud when executing
occ user:sync
(-m, --missing-account-action=MISSING-ACCOUNT-ACTION
). User accounts that are disabled in ownCloud can now be re-enabled automatically when runningocc user:sync
if they are enabled in LDAP. When this behavior is desired administrators just need to add the-r, --re-enable
option to their cron jobs or when manually executingocc user:sync
. -
Furthermore it is now possible to execute
occ user:sync
only for single (-u, --uid=UID
) or seen (-s, --seenOnly
) users (users that are present in the database and have logged in at least once). These new options provide more granularity for administrators in terms of managingocc user:sync
performance. -
Another notable change in behavior of
occ user:sync
is that administrators now have to explicitly specify the option-c, --showCount
to display the number of users to be synchronized.
New events for audit logging
New events have been added to be used for audit logging, among others. These include configuration changes by administrators and users, file comments (add/edit/delete) and updating existing public links. When logs are forwarded to external analyzers like Splunk, administrators can check to add the new events. The latest version of the Auditing extension (admin_audit) is required.
New command to verify and repair file checksums
With ownCloud 10 file integrity checking by computing and matching
checksums has been introduced to ensure that transferred files arrive at
their target in the exact state as their origin. In some rare cases
wrong checksums can be written to the database leading to
synchronization issues with e.g. the Desktop Client. To mitigate such
situations a new command occ files:checksums:verify
has been
introduced. The command recalculates checksums either for all files of a
user or for files within a specified path, and compares them with the
values in the database. Naturally the command also offers an option to
repair incorrect checksum values (-r, --repair
). Please check the
available options by executing occ files:checksums:verify --help
.
Note: Executing this command might take some time depending on the file
count.
New config setting to specify minimum characters for sharing autocomplete
For security reasons the default value for minimum characters to trigger
the sharing autocomplete mechanism has been set to "4" (previously it
was set to "2"). This is to prevent people from easily downloading
lots of email addresses or user names by requesting their first letters
through the API. As it is a trade-off between security and usability for
some scenarios this high security level might not be desirable.
Therefore the value now is configurable via the config.php option
'user.search_min_length' ⇒ 4,
. Please check which value fits your
needs best.
New option to granularly configure public link password enforcement
With ownCloud 10 the File Drop
feature has been merged with public
link permissions. This kind of public link does not give recipients
access to any content, but it gives them the possibility to drop
files
. As a result, it might not always be desirable to enforce
password protection for such shares. Given that, passwords for public
links can now be enforced based on permissions (read-only, read &
write, upload only/File Drop). Please check the administration settings
`Sharing` section and configure as desired.
New option to exclude apps from integrity check
By verifying signature files the integrity check ensures that the code
running in an ownCloud instance has not been altered by third parties.
Naturally this check can only be successful for code that has been
obtained from official ownCloud sources. When providing custom apps
(like theme apps) that do not have a signature, the integrity check will
fail and notify the administrator. These apps can now be excluded from
the integrity check by using the config.php option
'integrity.ignore.missing.app.signature' ⇒ ['app_id1', 'app_id2', 'app_id3'],
.
See config.sample.php for more information.
New occ command to modify user details
It is now possible to modify user details like display names or mail
addresses via the command occ user:modify
. Please append --help
for
more information.
occ files:scan can now be executed for groups
Apart from using the occ files:scan
command for single users and
whole instances it can now be executed for groups using
-g, --groups=GROUPS
. Please append --help
for more information.
New configurable default format for syslog
When using syslog as the log type ('log_type' ⇒ 'syslog',
in
config.php) the default format has been changed to include request
IDs for easier debugging. Additionally the log format has been made
configurable using 'log.syslog.format'
in config.php. If you require
a certain log format, please check the new format and
config.sample.php on how to change it.
New config option to enable fallback to HTTP for federated shares
For security reasons federated sharing (sharing between different
ownCloud instances) strictly requires HTTPS (SSL/TLS). When this
behavior is undesired the insecure fallback to HTTP needs to be enabled
explicitly by setting 'sharing.federation.allowHttpFallback' ⇒ false,
to true
in config.php.
Migration related to auth_tokens (app passwords)
Upgrading to 10.0.8 includes migrations related to auth_tokens (app passwords). When users have created app passwords as separate passwords for their clients the upgrade duration will increase depending on user count. Please consider this when planning the upgrade.
Changed behavior of e-mail autocomplete for public link share dialog
When the "Sharing" settings option
Allow users to send mail notifications for shared files
for public
links is enabled, users can send public links via mail from within the
web interface. The behavior of the autocomplete when entering mail
addresses in the public link share dialog has been changed. Previously
the autocomplete queried for local users, users from federated address
books and contacts from CardDAV/Contacts App. As public links are not
intended for sharing between ownCloud users (local/federated), those
have been removed. Contacts synchronized via CardDAV or created in the
Contacts app will still appear as suggestions.
Notifications sent by occ can now include links
The command occ notifications:generate
can be used to send notifications to individual users or groups.
With 10.0.8 it is also capable of including links to such notifications using the -l, --link=LINK
option.
Please append --help
for more information.
There is also Announcement center
to conduct such tasks from the web interface but it is currently limited to send notifications to all users.
For now administrators can use the occ
command if more granularity is required.
Global option for CORS domains
For security reasons ownCloud has a Same-Origin-Policy that prevents
requests to ownCloud resources from other domains than the domain the
backend server is hosted on. If ownCloud resources should be accessible
from other domains, e.g., for a separate web frontend operated on a
different domain, administrators can now globally specify policy
exceptions via CORS (Cross-Origin Resource Sharing) using
'cors.allowed-domains'
in config.php. Please check
config.sample.php for more information.
Mail Template Editor is now unbundled
The Mail Template Editor has been unbundled from the default apps and is not shipped with the Server anymore. When upgrading ownCloud will try to automatically install the latest version from the ownCloud Marketplace in case the app was installed before.
If this is not possible (e.g. no internet connection or clustered setup) you will either need to disable the app
(occ app:disable templateeditor
) or
download and install it manually.
Solved Known Issues
-
Bogus
Login failed
log entries have been removed (see 10.0.7 known issues) -
The Provisioning API can now properly set default or zero quota
-
User quota settings can be queried through Provisioning API
-
A regression preventing a user from setting their e-mail address in the settings page has been fixed
-
File deletion as a guest user works correctly (trash bin permissions are checked correctly)
Known issues
-
Issues with multiple theme apps and Mail Template Editor
As of ownCloud Server 10.0.5 it is only possible to have one theme app enabled simultaneously. When a theme app is enabled and the administrator attempts to enable a second one this will result in an error. However, when also having the Mail Template Editor enabled in this scenario the administrator’s "General" settings section will be displayed incorrectly. As a remedy administrators can either uninstall the second theme app or disable the Mail Template Editor app.
-
occ transfer:ownership
does not transfer public link shares if they were created by the target user (reshare).
For developers
-
The global JS variable
oc_current_user
was removed. Please use the public methodOC.getCurrentUser()
instead. -
Lots of new Symfony events have been added for various user actions, see changelog for details, or the documentation ticket.
-
When requesting a private link there is a new HTTP response header
Webdav-Location
that contains the WebDAV path to the requested file while theLocation
still points at the frontend URL for viewing the file.
Changes in 10.0.7
ownCloud Server 10.0.7 is a hotfix follow-up release that takes care of an issue regarding OAuth authentication.
Please consider the ownCloud Server 10.0.5 release notes.
Known issues
-
When using application passwords, log entries related to
Login Failed
will appear and can be ignored. For people using fail2ban or other account locking tools based on log parsing, please apply this patch withpatch -p1 < 50c78a4bf4c2ab4194f40111b8a34b7e9cc17a14.patch
(original pull request here).
Changes in 10.0.6
ownCloud Server 10.0.6 is a hotfix follow-up release that takes care of an issue during the build process (https://github.com/owncloud/core/pull/30265). Please consider the ownCloud Server 10.0.5 release notes.
Changes in 10.0.5
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.0.5 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.
Technology preview for PHP 7.2 support
ownCloud catches up with new web technologies. This has mainly been introduced for the open-source community to test and give feedback. PHP 7.2 is not yet supported nor recommended for production scenarios. ownCloud is going to fully support PHP 7.2 with the next major release.
php-intl now is a hard requirement
Please make sure to have the PHP extension installed before upgrading.
Changed: Only allow a single active theme app
The theming behavior has been changed so that only a single theme can be active concurrently. This change ensures that themes cannot interfere in any way (e.g., override default theming in an arbitrary order). Please make sure to have the desired theme enabled after upgrading.
Removed old Dropbox external storage backend (Dropbox API v1)
Please switch to the new External Storage: Dropbox app with Dropbox API v2 support to continue providing Dropbox external storages to your users.
Fixed: Only set CORS headers on WebDAV endpoint when Origin header is specified
ownCloud Server 10.0.4 known issue is resolved.
Fixes and improvements for the Mail Template Editor
-
Known issues are resolved: Mail Template Editor works again, got support for app themes and additional templates were added for customization.
-
Mail Template Editor is still bundled with ownCloud Server but will soon be released as a separate app to ownCloud Marketplace.
-
Changelog: https://github.com/owncloud/templateeditor/blob/master/CHANGELOG.md#02---2018-02-28
Known Issues
-
When using application passwords, log entries related to
Login Failed
will appear, please upgrade to 10.0.7 and check the fix mentionned in its release notes.
Changes in 10.0.4
Dear ownCloud administrator, please find below the changes and known issues in ownCloud Server 10.0.4 that need your attention. You can also read the full ownCloud Server 10.0.4 changelog for further details on what has changed.
More granular sharing restrictions
The "Restrict users to only share with users in their groups" option, in the Sharing settings, restricts users to only share with groups which they are a member of, while simultaneously prohibiting sharing with single users that do not belong to any of the users’ groups.
To make this more granular, we split this option into two parts and added "Restrict users to only share with groups they are member of", which differentiates between users and groups. Doing so makes it possible to restrict users from sharing with all users of an installation, limiting them to only being able to share with groups which they are a member of, and vice versa.
Configurable solution for indistinguishable user display names
The ownCloud sharing dialog displays users according to their display name. As users can choose their display name in self-service (which can be disabled in config.php) and display names are not unique, it is possible that a user can’t distinguish sharing results.
To cover this case the displayed user identifiers are now configurable. In the Sharing settings administrators can now configure the display of either mail addresses or user ids.
Added occ files:scan
repair mode to repair filecache inconsistencies
We recommend using this command when directed to do so in the upgrade process. Please refer to the occ command’s files:scan --repair documentation for more information.
Detailed mode for occ security:routes
Administrators can use the output of this command when using a network firewall, to check the appropriateness of configured rules or to get assistance when setting up.
Added mode of operations to differentiate between single-instance or clustered setup
As ownCloud needs to behave differently when operating in a clustered setup versus a single instance setup, the new config.php
option operation.mode
has been added.
It can take one of two values: single-instance
and clustered-instance
.
For example: 'operation.mode' ⇒ 'clustered-instance',
.
Currently the Market App (ownCloud Marketplace integration) does not support clustered setups and can do harm when used for installing or updating apps. The new config setting prevents this and other actions that are undesired in cluster mode.
When operating in a clustered setup, it is mandatory to set this option. Please check the config_sample_php_parameters documentation for more information.
Added occ dav:cleanup-chunks command to clean up expired uploads
When file uploads are interrupted for any reason, already uploaded file parts (chunks) remain in the underlying storage so that the file upload can resume in a future upload attempt. However, resuming an upload is only possible until the partial upload is expired and deleted, respectively.
To clean up chunks (expire and delete) originating from unfinished uploads, administrators can use this newly introduced command. The default expiry time is two days, but it can be specified as a parameter to the command.
It is recommended to configure CRON to execute this background job regularly. |
It is not included in the regular ownCloud background jobs so that the administrators have more flexibility in scheduling it. Please check the background jobs configuration documentation for more information.
Administrators can now exclude files from integrity check in config.php
When administrators did intentional changes to the ownCloud code they
now have the ability to exclude certain files from the integrity
checker. Please check config.sample.php
for the usage of 'integrity.excluded.files'
.
Modification time value of files is now 64 bits long
When upgrading to 10.0.4 migrations may increase update duration dependent on the number of files.
Updated minimum supported browser versions
Users with outdated browsers might get warnings. See the list of supported browser versions.
Known Issues
-
When using application passwords, log entries related to
Login Failed
will appear, please upgrade to 10.0.7 and check the fix mentioned in its release notes. -
Impersonate app 0.1.1 does not work with ownCloud Server 10.0.4. Please update to Impersonate 0.1.2 to be able to use the feature with ownCloud 10.0.4.
Changes in 10.0.3
Dear ownCloud administrator, please find below the changes and known issues of ownCloud Server 10.0.3 that need your attention:
The full ownCloud Server 10.0.3 changelog can be found here: https://github.com/owncloud/core/blob/stable10/CHANGELOG.md
-
It is now possible to directly upgrade from 8.2.11 to 10.0.3 in a single upgrade process.
-
Added occ command to list routes which can help administrators setting up network firewall rules.
-
occ upgrade
is now verbose by default. Administrators may need to adjust scripts for automated setup/upgrade procedures that rely on `occ upgrade' outputs. -
Reenabled medial search by default::
-
Enables partial search in sharing dialog autocompletion (e.g., a user wants to share with the user "Peter": Entering "pe" will find the user, entering "ter" will only find the user if the option is enabled)
-
New default is set to enabled as there is no performance impact anymore due to the introduction of the user account table in ownCloud Server 10.0.1.
-
Please check the setting. You need to disable it explicitly if the functionality is undesired.
-
-
All database columns that use the fileid have been changed to bigint (64-bits). For large instances it is therefore highly recommended to upgrade in order to avoid reaching limits.
-
Upgrade and Market app information::
-
Removed
appstoreenabled
setting from config.php. If you want to disable the app store / Marketplace integration, please disable the Market app. -
Added setting `upgrade.automatic-app-update' to config.php to disable automatic app updates with `occ upgrade' when Market app is enabled
-
On upgrade from OC < 10 the Market app won’t be enabled if
appstoreenabled
was false in config.php.
-
-
Clustering: Better support of read only config file and apps folder
-
Default minimum desktop client version in config.php is now 2.2.4.
Known Issues
-
Added quotes in boolean result values of
yourdomain/status.php
output -
Setting up SFTP external storages with keypairs does not work. https://github.com/owncloud/core/issues/28669
-
If you have storage encryption enabled, the web UI for encryption will ask again what mode you want to operate with even if you already had a mode selected before. The administrator must select the mode they had selected before. https://github.com/owncloud/core/issues/28985
-
Uploading a folder in Chrome in a way that would overwrite an existing folder can randomly fail (race conditions). https://github.com/owncloud/core/issues/28844
-
Federated shares cannot be accepted in WebUI for SAML/Shibboleth users
-
For MariaDB users: Currently, Doctrine has no support for the breaking changes introduced in MariaDB 10.2.7, and above. If you are on MariaDB 10.2.7 or above, and have encountered the message
1067 Invalid default value for `lastmodified
, please apply this patch to Doctrine. We expect this bug to be fixed in ownCloud 10.0.4. For more information on the bug, check out the related issue. -
When updating from ownCloud < 9.0 the CLI output may hang for some time (potentially up to 20 minutes for big instances) whilst sharing is updated. This can happen in a variety of places during the upgrade and is to be expected. Please be patient as the update is performed and the output will continue as normal.
Changes in 10.0.1
Hello ownCloud administrator, please read carefully to be prepared for updates and operations of your ownCloud setup.
-
A new update path: ownCloud 10.0.1 contains migration logic to allow upgrading directly from 9.0 to 10.0.1.
-
Marketplace: Please create an account for `the new marketplace`_. Access to optional ownCloud extensions and enterprise apps will be provided by the marketplace from now on. Currently some apps are still shipped with the tarballs / packages and will be moved to the marketplace in the near future.
-
Apps: LDAP, gallery, activity, PDF viewer, and text editor were moved to the marketplace.
-
Updates with marketplace: During the upgrade, enabled apps are also updated by fetching new versions directly from the marketplace. If during an update, sources for some apps are missing, and the ownCloud instance has no access to the marketplace, the administrator needs to disable these apps or manually download and provide the apps before updating.
-
App updates: Third party apps are not disabled anymore when upgrading.
-
Upgrade migration test: The upgrade migration test,
--skip-migration-tests
, has been removed.
The template editor app is not included in the 10.0.1 release due to technical reasons, but will be distributed via the marketplace. However, you can still edit template files manually. |
Settings
-
Settings design: Admin, personal pages, and app management are now merged together into a single "Settings" entry.
-
Disable users: The ability to disable users in the user management panel has been added.
-
Password Policy: Rules now apply not only to link passwords but also to user passwords.
Infrastructure
-
Client: You need to update to the latest desktop client version.
-
Cron jobs: The user account table has been reworked. As a result the Cron job for syncing user backends, e.g., LDAP, needs to be configured.
-
Logfiles: App logs, e.g., auditing and owncloud.log, can now be split, see: Configuring Logging.
Known Issues
Converting the Database Type doesn’t work
Converting a Database from e.g. SQLite
to MySQL
or PostgreSQL
with
the occ db:convert-type
currently doesn’t work. See
https://github.com/owncloud/core/issues/27075 for more info.
Installing the LDAP user backend will trigger the installation twice
This causes an SQL error such as the following:
sudo -u www-data ./occ market:install user_ldap
user_ldap: Installing new app ...
user_ldap: An exception occurred while executing 'CREATE TABLE `ldap_user_mapping` (`ldap_dn` VARCHAR(255) DEFAULT '' NOT NULL, `owncloud_name` VARCHAR(255) DEFAULT '' NOT NULL, `directory_uuid` VARCHAR(255) DEFAULT '' NOT NULL, UNIQUE INDEX ldap_dn_users (`ldap_dn`), PRIMARY KEY(`owncloud_name`)) DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_bin ENGINE = InnoDB ROW_FORMAT = compressed':
SQLSTATE[42S01]: Base table or view already exists: 1050 Table 'ldap_user_mapping' already exists
This can be safely ignored. And the app can be used after enabling it.
Please be aware that when upgrading an existing ownCloud installation
that already has user_ldap
this error will not occur. It was fixed by
https://github.com/owncloud/core/pull/27982. However, this could happen
for other apps as well that use database.xml
. If it does please use the same workaround.
SAML authentication only works for users synced with occ user:sync
We will re-enable SSO for LDAP users with an update of the app in the market after completing internal testing.
The web UI prevents uninstalling apps marked as shipped, e.g., user_ldap
To uninstall, disable the app with occ and rm the app directory.
Moving files around in external storages outside of ownCloud will invalidate the metadata
All shares, comments, and tags on the moved files will be lost.
Existing LDAP users only show up in the user management page and the share dialog after being synced
The account table introduced in ownCloud 10.0.0 significantly reduces
LDAP communication overhead. Password checks are yet to be accounted
for. LDAP user metadata in the account table will be updated when users
log in or when the administrator runs
occ user:sync "OCA\User_LDAP\User_Proxy"
.
We recommend setting up a nightly Cron job to keep metadata of users not actively logging in up to date.
Error pages will not use the configured theme but will instead fall back to the community default
Changes in 10.0.0
-
PHP 7.1 support added (supported PHP versions are 5.6 and 7.0+)
-
The upgrade migration test has been removed; (Option
"--skip-migration-tests"
removed from update command) -
Requires to use the latest desktop client version 2.3
-
Third party apps are not disabled anymore when upgrading
-
User account table has been reworked. CRON job for syncing with e.g., LDAP needs to be configured (see Syncing User Accounts for more information)
-
LDAP app is not released with ownCloud 10.0.0 and will be released on the marketplace after some more QA
-
files_drop app is not shipped anymore as it’s integrated with core now. Since migrations are not possible you will have to reconfigure your drop folders (in the `Public Link' section of the sharing dialog of the respective folders).
-
SAML/Shibboleth with device-specific app passwords: No migration possible; Users need to regenerate device-specific app passwords in the WebUI and enter those in their clients.
-
For security reasons status.php can now be configured in config.php to not return server version information anymore (`version.hide'; default `false'). As clients still depend on version information this is not yet recommended. The default will change to `true' with 10.0.2 once clients are ready.
-
Order of owncloud.log entries changed a bit, please review any application (e.g. fail2ban rules) relying on this file
-
External storages::
-
FTP external storage moved to a separate app (https://marketplace.owncloud.com/apps/files_external_ftp)
-
"Local" storage type can now be disabled by sysadmin in config.php (to prevent users mounting the local file system)
-
Full changelog: https://github.com/owncloud/core/wiki/ownCloud-10.0-Features
Changes in 9.1
General
-
Background jobs (cron) can now run in parallel
-
Update notifications in client via API - You can now be notified in your desktop client about available updates for core and apps. The notifications are made available via the notifications API.
-
Multi-bucket support for primary objectstore integration
-
Support for Internet Explorer below version 11 was dropped
-
Symlinks pointing outside of the data directory are disallowed. Please use the configuration/files/external_storage_configuration_gui with the configuration/files/external_storage/local storage backend instead.
-
Removed
dav:migrate-calendars
anddav:migrate-addressbooks
commands forocc
. Users planning to upgrade from ownCloud 9.0 or below to ownCloud 9.1 needs to make sure that their calendars and address books are correctly migrated before continuing to upgrade to 9.1.
Authentication
-
Pluggable authentication: plugin system that supports different authentication schemes
-
Token-based authentication
-
Ability to invalidate sessions
-
List connected browsers/devices in the personal settings page. Allows the user to disconnect browsers/devices.
-
Device-specific passwords/tokens can be generated in the personal page and revoked
-
Disable users and automatically revoke their sessions
-
Detect disabled LDAP users or password changes and revoke their sessions
-
Log in with email address
-
Configuration option to enforce token-based login outside the web UI
-
Two Factor authentication plug-in system
-
OCC command added to (temporarily) disable/enable two-factor authentication for single users
The current desktop and mobile client versions do not support two-factor yet, this will be added later. It is already possible to generate a device-specific password and enter that in the current client versions. |
Files app
-
Ability to toggle displaying hidden files
-
Remember sort order
-
Permalinks for internal shares
-
Visual cue when dragging in files app
-
Autoscroll file list when dragging files
-
Upload progress estimate
Federated sharing
-
Ability to create federated shares with CRUDS permissions
-
Resharing a federated share does not create a chain of shares any more but connects the share owner’s server to the reshare recipient
External storage
-
UTF-8 NFD encoding compatibility support for NFD file names stored directly on external storages (new mount option in external storage admin page)
-
Direct links to the configuration pages for setting up a GDrive or Dropbox application for use with ownCloud
-
Some performance and memory usage improvements for GDrive, stream download and chunk upload
-
Performance and memory usage improvements for Dropbox with stream download
-
GDrive library update provides exponential backoff which will reduce rate limit errors
Shibboleth
-
The WebDAV endpoint was changed from
/remote.php/webdav
to/remote.php/dav
. You need to check your Apache configuration if you have exceptions or rules for WebDAV configured.
Minor additions
-
Support for print style sheets
-
Command line based update will now be suggested if the instance is bigger to avoid potential timeouts
-
Web updater will be disabled if LDAP or shibboleth are installed
-
DB/application update process now shows better progress information
-
Added
occ files:scan --unscanned
to only scan folders that haven’t yet been explored on external storages -
Chunk cache TTL can now be configured
-
Added warning for wrongly configured database transactions, helps prevent
database is locked
issues -
Use a capped memory cache to reduce memory usage especially in background jobs and the file scanner
-
Allow login by email
-
Respect CLASS property in calendar events
-
Allow addressbook export using VCFExportPlugin
-
Birthdays are also generated based on shared addressbooks
For developers
-
New DAV endpoint with a new chunking protocol aiming to solve many issues like timeouts (not used by clients yet)
-
New webdav property for share permissions
-
Background repair steps can be specified info.xml
-
Background jobs (cron) can now be declared in info.xml
-
Apps can now define repair steps to run at install/uninstall time
-
Export contact images via Sabre DAV plugin
-
Sabre DAV’s browser plugin is available in debug mode to allow easier development around webdav
Technical debt
-
PSR-4 autoloading forced for
OC\
andOCP\
, optional forOCA\
docs at xref:next@server:developer_manual:app/fundamentals/classloader.adoc -
More cleanup of the sharing code (ongoing)
Changes in 9.0
9.0 requires .ico files for favicons. This will change in 9.1, which will use .svg files. See Changing favicon in the Developer Manual.
Home folder rule is enforced in the user_ldap application in new ownCloud installations; see configuration/user/user_auth_ldap. This affects ownCloud 8.0.10, 8.1.5 and 8.2.0 and up.
The Calendar and Contacts apps have been rewritten and the CalDAV and
CardDAV backends of these apps were merged into ownCloud core. During
the upgrade existing Calendars and Addressbooks are automatically
migrated (except when using the IMAP user backend
). As a fallback for
failed upgrades, when using the IMAP user backend
or as an option to
test a migration dav:migrate-calendars
and/or
dav:migrate-addressbooks
scripts are available (only in ownCloud
9.0) via the occ
command. See configuration/server/occ_command.
After upgrading to ownCloud 9.0 and before continuing to upgrade to 9.1 make sure that all of your
and your users Calendars and Addressbooks are migrated correctly. Especially when using the IMAP user backend
(other user backends might be also affected) you need to manually run the mentioned occ migration commands
described above.
|
Updates on systems with large datasets will take longer, due to the addition of checksums to the ownCloud database. See https://github.com/owncloud/core/issues/22747.
Linux packages are available from our
official download site.
New in 9.0: split packages. owncloud
installs
ownCloud plus dependencies, including Apache and PHP. owncloud-files
installs only ownCloud. This is useful for custom LAMP stacks, and
allows you to install your own LAMP apps and versions without packaging
conflicts with ownCloud. See installation/linux_installation.
New option for the ownCloud admin to enable or disable sharing on individual external mountpoints (see External Storage GUI Mount Options). Sharing on such mount points is disabled by default.
Enterprise 9.0
owncloud-enterprise packages are no longer available for CentOS 6, RHEL6, Debian 7, or any version of Fedora. A new package, owncloud-enterprise-files, is available for all supported platforms, including the above. This new package comes without dependencies, and is installable on a larger number of platforms. System administrators must install their own LAMP stacks and databases.
Changes in 8.2
New location for Linux package repositories; ownCloud admins must manually change to the new repos. See maintenance/upgrade
PHP 5.6.11+ breaks the LDAP wizard with a `Could not connect to LDAP' error. See https://github.com/owncloud/core/issues/20020.
filesystem_check_changes
in config.php
is set to 0 by default. This
prevents unnecessary update checks and improves performance. If you are
using external storage mounts such as NFS on a remote storage server,
set this to 1 so that ownCloud will detect remote file changes.
XSendFile
support has been removed, so there is no longer support for
serving static files from your ownCloud server.
LDAP issue: 8.2 uses the memberof
attribute by default. If this is not
activated on your LDAP server your user groups will not be detected, and
you will see this message in your ownCloud log:
Error PHP Array to string conversion at /var/www/html/owncloud/lib/private/template/functions.php#36
.
Fix this by disabling the memberof
attribute on your ownCloud server
with the occ
command, like this example on Ubuntu Linux:
sudo -u www-data ./occ ldap:set-config "s01" useMemberOfToDetectMembership 0
Run sudo -u www-data ./occ ldap:show-config
to find the correct
sNN
value; if there is not one then use empty quotes, ""
. (See
configuration/server/occ_command.)
Users of the Linux Package need to update their repository setup.
Changes in 8.1
Use APCu only if available in version 4.0.6 and higher. If you install
an older version, you will see a
APCu below version 4.0.6 is installed, for stability and performance reasons we recommend to update to a
newer APCu version
warning on your ownCloud admin page.
SMB external storage now based on php5-libsmbclient
, which must be downloaded from the ownCloud software repositories
(installation instructions).
Download from link
feature has been removed.
The .htaccess
and index.html
files in the data/
directory are now
updated after every update. If you make any modifications to these files
they will be lost after updates.
The SabreDAV browser at /remote.php/webdav
has been removed.
Using ownCloud without a trusted_domain
configuration will not work
anymore.
The logging format for failed logins has changed and considers now the
proxy configuration in config.php
.
A default set of security and privacy HTTP headers have been added to
the ownCloud .htaccess
file, and ownCloud administrators may now
customize which headers are sent.
More strict SSL certificate checking improves security but can result in
cURL error 60: SSL certificate problem: unable to get local issuer
certificate
errors with certain broken PHP versions. Please verify
your SSL setup, update your PHP or contact your vendor if you receive
these errors.
The persistent file-based cache (e.g., used by LDAP integration) has been
dropped and replaced with a memory-only cache, which must be explicitly
configured. See configuration/user/user_auth_ldap. Memory cache
configuration for the ownCloud server is no longer automatic, requiring
installation of your desired cache backend and configuration in
config.php
(see configuration/server/caching_configuration.)
The OC_User_HTTP
backend has been removed. Administrators are
encouraged to use the user_webdavauth
application instead.
ownCloud ships now with its own root certificate bundle derived from Mozilla’s root certificates file. The system root certificate bundle will not be used anymore for most requests.
When you upgrade from ownCloud 8.0, with encryption enabled, to 8.1, you must enable the new encryption backend and migrate your encryption keys.
Encryption can no longer be disabled in ownCloud 8.1. It is planned to re-add this feature to the command line client for a future release.
It is not recommended to upgrade encryption-enabled systems from ownCloud Server 8.0 to version 8.1.0 as there is a chance the migration will break. We recommend migrating to the first bugfix release, ownCloud Server 8.1.1.
Due to various technical issues, by default desktop sync clients older
than 1.7 are not allowed to connect and sync with the ownCloud server.
This is configurable via the minimum.supported.desktop.version
switch
in config.php
.
Previews are now generated at a maximum size of 2048 x 2048 pixels. This
is configurable via the preview_max_x
and preview_max_y
switches in
config.php
.
The ownCloud 8 server is not supported on any version of Windows.
The 8.1.0 release has a minor bug which makes application updates fail at first try. Reload the apps page and try again, and the update will succeed.
The forcessl
option within the config.php
and the Enforce SSL
option within the Admin-Backend was removed.
This now needs to be configured like described in
Hardening and Security Guidance.
WebDAV file locking was removed in ownCloud 8.1 which causes Finder on macOS to mount WebDAV read-only.
Enterprise 8.1
The SharePoint Drive application does not verify the SSL certificate of the SharePoint server or the ownCloud server, as it is expected that both devices are in the same trusted environment.
Changes in 8.0
Manual LDAP Port Configuration
When you are configuring the LDAP user and group backend application, ownCloud may not auto-detect the LDAP server’s port number, so you will need to enter it manually.
No Preview Icon on Text Files
There is no preview icon displayed for text files when the file contains fewer than six characters.
Remote Federated Cloud Share Cannot be Reshared With Local Users
When you mount a Federated Cloud share from a remote ownCloud server, you cannot re-share it with your local ownCloud users. (See Federated Cloud Sharing Configuration to learn more about federated cloud sharing)
Manually Migrate Encryption Keys after Upgrade
If you are using the Encryption application and upgrading from older versions of ownCloud to ownCloud 8.0, you must manually migrate your encryption keys.
Windows Server Not Supported
Windows Server is not supported in ownCloud 8.
PHP 5.3 Support Dropped
PHP 5.3 is not supported in ownCloud 8, and PHP 5.4 or better is required.
Disable Apache Multiviews
If Multiviews are enabled in your Apache configuration, this may cause problems with content negotiation, so disable Multiviews by removing it from your Apache configuration. Look for lines like this:
<Directory /var/www/owncloud> Options Indexes FollowSymLinks Multiviews
Delete Multiviews
and restart Apache.
ownCloud Does Not Follow Symlinks
ownCloud’s file scanner does not follow symlinks, which could lead to infinite loops. To avoid this do not use soft or hard links in your ownCloud data directory.
No Commas in Group Names
Creating an ownCloud group with a comma in the group name causes ownCloud to treat the group as two groups.
Hebrew File Names Too Large on Windows
On Windows servers Hebrew file names grow to five times their original size after being translated to Unicode.
Google Drive Large Files Fail with 500 Error
Google Drive tries to download the entire file into memory, then write it to a temp file, and then stream it to the client, so very large file downloads from Google Drive may fail with a 500 internal server error.
Encrypting Large Numbers of Files
When you activate the Encryption application on a running server that has large numbers of files, it is possible that you will experience timeouts. It is best to activate encryption at installation, before accumulating large numbers of files on your ownCloud server.
Enterprise 8.0
Sharepoint Drive SSL Not Verified
The SharePoint Drive application does not verify the SSL certificate of the SharePoint server or the ownCloud server, as it is expected that both devices are in the same trusted environment.
No Federated Cloud Sharing with Shibboleth
Federated Cloud Sharing (formerly Server-to-Server file sharing) does not work with Shibboleth.
Direct Uploads to SWIFT do not Appear in ownCloud
When files are uploaded directly to a SWIFT share mounted as external storage in ownCloud, the files do not appear in ownCloud. However, files uploaded to the SWIFT mount through ownCloud are listed correctly in both locations.
SWIFT Objectstore Incompatible with Encryption App
The current SWIFT implementation is incompatible with any application that uses direct file I/O and circumvents the ownCloud virtual filesystem. Using the Encryption application on a SWIFT object store incurs twice as many HTTP requests and increases latency significantly.
Application Store is Back
The ownCloud application Store has been re-enabled in ownCloud 8. Note that third-party apps are not supported.
Changes in 7.0
Manual LDAP Port Configuration
When you are configuring the LDAP user and group backend application, ownCloud may not auto-detect the LDAP server’s port number, so you will need to enter it manually.
LDAP Search Performance Improved
Prior to 7.0.4, LDAP searches were substring-based and would match search attributes if the substring occurred anywhere in the attribute value. Rather, searches are performed on beginning attributes. With 7.0.4, searches will match at the beginning of the attribute value only. This provides better performance and a better user experience.
Substring searches can still be performed by prepending the search term
with *
. For example, a search for te
will find Terri, but not Nate:
occ ldap:search "te"
If you want to broaden the search to include Nate, then search for
*te
:
occ ldap:search "*te"
Refine searches by adjusting the User Search Attributes
field of the
Advanced tab in your LDAP configuration on the Admin page. For example,
if your search attributes are givenName
and sn
you can find users by
first name + last name very quickly. For example, you’ll find Terri
Hanson by searching for te ha
. Trailing whitespaces are ignored.
Protecting ownCloud on IIS from Data Loss
Under certain circumstances, running your ownCloud server on IIS could be at risk of data loss. To prevent this, follow these steps.
-
In your ownCloud server configuration file,
owncloud\config\config.php
, setconfig_is_read_only
to true. -
Set the
config.php
file to read-only. -
When you make server updates
config.php
must be made writeable. When your updates are completed re-set it to read-only.
Antivirus Application Modes
The Antivirus application offers three modes for running the ClamAV
anti-virus scanner: as a daemon on the ownCloud server, a daemon on a
remote server, or an executable mode that calls clamscan
on the local
server. We recommend using one of the daemon modes, as they are the most
reliable.
Enable Only for Specific Groups
Fails
Some ownCloud applications have the option to be enabled only for certain groups. However, when you select specific groups they do not get access to the app.
Changes to File Previews
For security and performance reasons, file previews are available only for image files, covers of MP3 files, and text files, and have been disabled for all other filetypes. Files without previews are represented by generic icons according to their file types.
4GB Limit on SFTP Transfers
Because of limitations in phpseclib
, you cannot upload files larger
than 4GB over SFTP.
Not Enough Space Available
on File Upload
Setting user quotas to unlimited
on an ownCloud installation that has
unreliable free disk space reporting– for example, on a shared hosting
provider– may cause file uploads to fail with a Not Enough Space
Available
error. A workaround is to set file quotas for all users
instead of unlimited
.
No More Expiration Date On Local Shares
In older versions of ownCloud, you could set an expiration date on both local and public link shares. Now you can set an expiration date only on public link shares, and local shares do not expire when public link shares expire.
Zero Quota Not Read-Only
Setting a user’s storage quota should be the equivalent of read-only, however, users can still create empty files.
Enterprise 7.0
No Federated Cloud Sharing with Shibboleth
Federated Cloud Sharing (formerly Server-to-Server file sharing) does not work with Shibboleth.
Windows Network Drive
Windows Network Drive runs only on Linux servers because it requires the Samba client, which is included in all Linux distributions.
php5-libsmbclient
is also required, and there may be issues with older
versions of libsmbclient
; see Using External Storage > Installing and
Configuring the Windows Network Drive application in the Enterprise
Admin manual for more information.
By default CentOS has activated SELinux, and the httpd
process cannot
make outgoing network connections. This will cause problems with curl,
LDAP and samba libraries. Again, see Using External Storage > Installing
and Configuring the Windows Network Drive application in the Enterprise
Admin manual for instructions.
Sharepoint Drive SSL
The SharePoint Drive application does not verify the SSL certificate of the SharePoint server or the ownCloud server, as it is expected that both devices are in the same trusted environment.
Shibboleth and WebDAV Incompatible
Shibboleth and standard WebDAV are incompatible, and cannot be used together in ownCloud. If Shibboleth is enabled, the ownCloud client uses an extended WebDAV protocol
No SQLite
SQLite is no longer an installation option for ownCloud Enterprise Edition, as it not suitable for multiple-user installations or managing large numbers of files.
No Application Store
The application Store is disabled for the Enterprise Edition.
LDAP Home Connector Linux Only
The LDAP Home Connector application requires Linux (with MySQL, MariaDB, or PostgreSQL) to operate correctly.