Release Notes

When upgrading from ownCloud Server 10.14.0, the following migrations will run as part of the upgrade procedure:

Any file upload (or PUT request in general) could have caused a 500/Internal Server Error due to wrong usage of the request object. This is now fixed. #41044

On multi-page documents (doc, odt, pdf, etc.) the preview will now be generated from the first page and no longer from the last page. #41045

We have addressed two visual issues in the Web UI file list. Firstly, the problem where the start of the epoch was mistakenly displayed as an expiration date in the shared file list has been resolved. Secondly, we have tackled the bug causing duplicate entries to appear when switching between shared tabs and clicking on a file list entry. #41056

The admin can setup external storages to be used by specific users and groups. When a LDAP group was setup, there were some issues so users belonging to that group weren’t able to access the external storage even though they should. Now, users belonging to LDAP groups can access external storages configured to be accessed by those groups. #41063

Web frontend offers a lot of proper translations. Browser capabilities are not needed. #41067

Negative performance impact when file_storage.save_version_metadata is enabled has been resolved. #41069

In case of an error when deleting a user or a group no proper feedback was given to the user. This is now fixed. #41077

Search terms for the account can now be removed from the DB if they differ from the ones stored in the DB. This can happen with the user_ldap app, when user search attributes are removed from the connection configuration in the LDAP wizard. #41120

Because of a change first introduced in richdocuments 4.1.0, it was necessary to add compatibility for the richdocuments.document.index route. #41161

App has been deprecated and themes should be rather used to change mail templates. #41168

Previously, the user:list -a occ command was not correctly returning the user’s creation time but rather the path to the user’s home directory. This has been now fixed. #41125

In rare cases, the id column in the file_locks table could hit its limit (defined as int(10) unsigned) as it is set as autoincrement. This is now set to bigint. #41158

Before user information was stored in the browser global object. In some rare cases browsers seemed to loose data stored in the global object. This is fixed now. #41054

As soon as a user has rejected a share no activities within this share are now reported via the activity app. #41078

Outlook CalDAV plugin is sending false as time range which no longer results in a crash. #41050

For avatar generation we now do not accept images exceeding specific dimensions (4k - 4096×2160). #41175

For preview generation it is now possible to define the maximum dimensions of the original image by using config.php options. Note that images bigger than the defined dimensions will not be processed. Default is 6016x4000, which corresponds to 24 MP. Please refer to preview_max_dimensions in config.sample.php for more details. #41193

Instead of asking the backends for the groups a user belongs to, we now get the admin group and list the members to detect if user is admin or not. #41171

Log exceptions for mp3 files previews are no longer generated. #41153

Find below a list of updated apps in comparison with the 10.13.4 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Currently there are no known issues with ownCloud Server 10.14.0. This section will be updated if issues are discovered.

We now display IoC scanner instructions to all customers (a valid license key needs to be present) during upgrade (console as well as Web Updater) and in the admin settings. #41137

Background: The Indicators of Compromise (IoC) tool plays a vital role in identifying potential security threats or breaches. The tool analyzes your ownCloud 10 deployments and determines whether they have possibly been compromised via the known vulnerabilities. It collects information from the Apache logs and identifies the signatures of potential exploits. Please note, the tool has to be run on ALL ownCloud servers in case of a clustered setup!

Some controllers define methods which are publicly accessible and accessible for authenticated users at the same time. In such situations the 2FA handling was bypassed because of the @PublicPage annotation. We now check 2FA on controllers which are publicly accessible and authenticated. #41123

Since we reverted #41014, upon removing a mountpoint configuration from the web UI, the occ command files:remove-storage is currently not able to properly find the candidates to delete in case shares have been created for files/folders located on those mountpoints.

One of the filters of the preview cleanup job requires casting a filename, which is supposed to contain only digits, to an integer. The expected execution of the DB query should filter the results so the condition above should be true, but the DB’s query planner might choose to apply the filters in a different way, so we could potentially cast random strings to integer. In the case of PostgreSQL, the cast function will cause an error if the string can’t be cast to an integer (because it has non-digit chars, for example). This situation is fixed for all the supported DBs, so we don’t require the query planner to execute the query in any particular way. #41051

The #41014 PR introduced performance problems for large installations. We are therefore reverting that change. #41059

Ensure that users can only delete their own external storage configurations. #41092

Comments describing the configuration variables related to the Kerberos and Windows Network Drive app are now updated and in sync with published online documentation. #41109

Find below a list of updated apps in comparison with the 10.13.2 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Since we reverted #41014, upon removing a mount point configuration from the web UI, the occ command files:remove-storage is currently not able to properly find the candidates to delete in case shares have been created for files/folders located on those mountpoints.

Previously, subadmins couldn’t read app config values. This caused problems in the users page because some of the functionalities were depending on the config values that subadmins couldn’t read. These problems are now solved. #40961

In previous versions when a user was deleted, files belonging to this user were not correctly removed from the object storage (s3) and were therefore left as remnants, unnecessarily using up space. This has been corrected and files are now properly removed. #40959

The legacy "OC\Repair\FillETags" repair step, executed during upgrades, had prolonged execution times without delivering any further repairs. For this reason, the repair step has now been removed. #40996

We removed the regular expression related to HEIC and HEIF files from the preview manager list as this was preventing the files_mediaviewer app from correctly interpreting these mime types. The app is now able to open such files. #40990

Some mounts use a shared storage which is pointing to a different storage. In case the underlying storage was removed (removal of the external mount from the web UI), the share mount was still being present as if the underlying storage could still be accessed. This was causing problems with the "files:remove-storage --show-candidates" occ command because the removed storage wasn’t shown as a possible candidate. Now that shared storage won’t be mounted and the underlying storage will be detected as a candidate to be removed with the mentioned command. #41014

In some rare scenarios it could have happened that the migration responsible for adding the creation time in the oc_accounts table was not correctly inserted into the oc_migrations one with the consequence that it was reattempted i.e., when upgrading apps, even if the column was already present. This has been fixed. #40991

All known issues in Server 10.13.1 have been fixed:

Find below a list of updated apps in comparison with the 10.13.1 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

There is a performance impact related to certain external storage mounts in ownCloud Server 10.13.2. Possible workaround: Revert via diff

The "Open in Web" feature for direct editing of office documents now properly works on iOS and Desktop clients with Collabora. #40958

The "Open in Web" configuration offers icons to be shown in the clients. This is e.g., used by the iOS 12.0.3 client. We now ship the icons embedded in core. #40953

Find below a list of updated apps in comparison with the 10.13.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Internet Explorer 11 support will be dropped in the next server release.

Symfony framework has been updated to LTS major version 5.4. This also affected a number of apps which required a new release and have been now included in the complete bundle.

User key encryption has already been deprecated in core versions later than 10.7. For this reason, the command line interface and web UI to enable user key encryption are no longer available. If you are operating an ownCloud installation with user key encryption enabled, please get in contact with support@owncloud.com to plan a migration to master key encryption. encryption#389

Executing the encryption:encrypt-all occ command will no longer auto-enable user key encryption. #40702

Metadata coming from storages is stored in the database. Previously, when a storage has been removed from ownCloud, metadata remained in the DB. The new occ command allows removing that stored metadata, reducing the amount of space used by the DB as well as slightly improving the performance since there will be fewer entries. #40779

2-factor authentication can be enforced now. The feature requires at least one app implementing 2-factor authentication, otherwise no enforcement will be done. If 2-factor authentication is enforced, all users will be required to use a 2-factor authentication app. Some specific groups selected by the admin can be excluded to let those users bypass 2-factor authentication. #40830

After an update of the guzzle library in previous core versions, it was no longer possible to set up new trusted server relations for federated sharing over the Web UI because of the wrong format used during the token exchange phase. We now explicitly set the format to be json so that the exchange is correctly done. #40815

New occ commands have been added to handle the trusted servers for federation from the command line. These commands will allow the admin to add, list and remove trusted servers. #40796

By using a new option Open in.. in the iOS (version 12.0.3+) or Desktop client (version 4.0+) it is now possible to directly open a file in the Office Suite being installed on the ownCloud server. #40843

When the share_folder config.php option was set, guest users could no longer see their received shares. We now skip the share_folder config.php option for guest users and default to root. #40864

Remote shares will have the same restrictions as user and group shares. This means that, in order for a remote user to show up as sharee, the search term length must be greater than the minimum configured otherwise only exact matches will be shown. #40885

Storage and database are now cleaned up of any remaining items if a file upload fails. #40892

The files app version was not properly increased when the OCA\Files\BackgroundJob\CleanupPersistentFileLock and OCA\Files\BackgroundJob\PreviewCleanupJob background jobs were originally added. As a result, those two jobs were not correctly inserted into the oc_jobs table upon a core upgrade. First time installations are not affected as their jobs are correctly added. #40878

Uploading files to some external storages via the desktop client was causing issues due to the checksum wrapper. We are using additional wrappers and the mode wasn’t being detected correctly in some cases. Using the right mode in the checksum wrapper was required in order to decide whether we should have discarded the final checksum or not; in this case, the checksum was being discarded so it was causing a checksum mismatch. Now the open mode in the checksum wrapper is set explicitly. #40832

Core 10.12.1 brought an update of the google/apiclient from version 2.12.6 to 2.13.1. However, in version 2.13.0 the accounts.google.com authorization URI has been updated. This change broke old code that uses the setApprovalPrompt('force') instead of the newer setPrompt('consent') method, as this endpoint does not support the legacy approval prompt parameter. This has been now fixed. #40783

Fixed query that detects unused thumbnails to prevent unnecessary deletes and potential recreations. #40801

Online updater is not recommended for Enterprise installations and is now automatically disabled in such cases. #40841

The versions expire job does not report errors anymore with federated shares when versioning metadata is enabled. #40847

Background jobs can be no longer valid because they are from an old version of an app, or from an app that has been disabled. These jobs can now be listed with the command occ background:queue:status --display-invalid-jobs and can be deleted with the command occ background:queue:delete <Job ID>. #40846

Previously, the user list was sorted in the browser. This was causing confusion because the sorting happened without taking into account all the items, so there were some weird effects. There is no sorting in the browser now. The server is expected to return the list of users already sorted, so the browser just needs to show the list. #40840

The add group button has been removed from the dropdowns because the behavior was confusing. You can still create new groups in the users page by using the add group button in the top left corner of the users page. The dropdowns will only select existing groups, but they won’t add new groups. #40770

firebase/php-jwt version 6 is now part of core and all apps can rely on it. #40901

To ensure clean and reliable operation of the ownCloud platform it is important to stay up-to-date with the latest releases of the server as well as the clients. To take care of compatibility between the server and desktop clients, the minimum version the server will accept connections from has been raised to version 3.2.1.

While it’s recommended to keep up with later versions, this is the new default value. #40876

Find below a list of updated apps in comparison with the 10.12.2 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Currently there are no known issues with ownCloud Server 10.13.0. This section will be updated if issues are discovered.

Do not allow setting higher permissions on a federated share for a resource which was shared with limited permissions. #40803

The loginInOwnCloud method contains sensitive data in the argument list and needed therefore to be added to the list of methods where sensitive parameters are being obfuscated. #40792

Passwords on public link files with read + write permission were not correctly enforced. The usage of the permissions bits has been now fixed so that, when selecting "Enforce password protection for read + write + delete links", passwords are correctly enforced. #40701

With the introduction of https://github.com/owncloud/core/pull/40567 compatibility with 32-bit systems broke as we are now casting $freeSpace to int and this caused an integer overflow on such systems when the free space was above the max supported value. We added an additional check for 32-bit systems in QuotaPlugin.php. #40709

Quota calculation on 32 bit systems suffered from an inconsistent use of float and integer data types. The fix now correctly supports that the size could be either an integer or a float. #40729

Since version 2.5.0 of the files_texteditor app we use Firebase\JWT\JWT, but this dependency was not directly shipped with files_texteditor. This was not an issue if the files_external or WOPI app(s) were enabled as they include the same dependency. However, if both apps were disabled the functionality of the files_texteditor app broke. We now ship this dependency in files_texteditor as well. files_texteditor#389

Find below a list of updated apps in comparison with the 10.12.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

When upgrading from ownCloud Server 10.11.0, the following migrations will run as part of the upgrade procedure:

Support for security fixes for PHP 7.3 ended in December 2021. ownCloud Server no longer supports PHP 7.3 therefore ensure that you are using PHP 7.4. #40394

To save space, old versions of files are usually deleted over time according to ownCloud’s retention policy. Users are now able to mark the current version as "published". This increases the major version tag and prevents deletion. Also, restore operation logic changed. Now restore creates a new current version of the file from one of the past noncurrent versions of the file. The current version also receives incremented mtime for the file, and author of the file is the user who restored it. The old noncurrent version is no longer removed upon restore and the current version no longer receives mtime of that version. The current version of the file is now shown in the Versions Tab, highlighted with "gray" background. Versions now persist additional extended metadata on versioning tags, that allow easier identification of the versions. Each update increases the minor version for the file. Each new edit of the file creates noncurrent versions - the ones tagged with major version due to publishing will persist long term and won’t be subject to any retention policies. Migrate from deprecated save_version_author to save_version_metadata. #40531

Support for login policies has been added in order to block the login of users under some circumstances. By default, there isn’t any restriction, so any user can login normally (assuming the password is correct). A group login policy has been added. This policy allows or denies users to log in based on the login type being used (username + password, openID Connect, etc.) and whether they belong to specific groups. This can be used to ensure a group of users is always authenticated using a determined authentication mechanism. #40574

Previously, restoring or removing a file from a deleted folder (the folder and the contents were in the trashbin) didn’t remove the versions of the file. Those versions were left in both the database and the file system, taking up space and degrading the performance. This is now being handled properly, so no resources are consumed due to the versions being left stranded. #40291

The "available for" selection of the mount configuration of external storages was using the group ID. This wasn’t a problem because for local groups the group ID matches the group display name, and for ldap groups the group ID was the "cn" attribute. Due to recent changes, the ldap group will now use the "objectuid" attribute (or a similar attribute) as group ID by default. This was causing the "available for" selection to show that "objectuid", so identifying the right group was problematic. Now, the "available for" selection will show the group display name, which for ldap is the "cn" attribute by default. Note that this happens on new installations. There is an automatic migration in place, so for upgrades, the "cn" attribute will be set as group name in order to keep the old behavior. #40412

Updates to permissions of a share were wrongly propagated to public links' children. This has now been fixed and public links are being skipped. #40420

Previously, range downloads (or downloads requesting a specific byte range) would store a checksum, if needed, based only on the requested range. This caused problems because the checksum is expected to be for the whole file. Now those range downloads won’t store a checksum because only a part of the file has been read, so the checksum would be incomplete. Some additional cases have been taken into account, mostly based on actions that could happen on the data stream, but they shouldn’t happen normally. #40513

ownCloud’s file system was initialized partially to prevent contacting the LDAP server if it was configured. This was causing problems because the upload folder where the chunks were expected was a mount point, and due to the partial file system initialization such a mount point was missing, so we were checking a different folder (the default one). Now, ownCloud’s file system will be fully initialized instead, so that the mount point will be present and we check the right location. #40571

With encryption enabled when a file was renamed, first the actual file was renamed, and then the encryption keys were moved to the new location. If something went wrong, it was possible that the keys weren’t moved. This caused the file to become inaccessible because we couldn’t decrypt the file due to the missing keys (which weren’t in the right place). Now, when a file is renamed, the encryption keys will be copied first, and then the file will be renamed. If copying the encryption keys fails, renaming will fail. After the encryption keys are copied, the file could still fail to be renamed. In this case, the copies of the keys will be removed, but the file will still be accessible because we still keep the old keys. The original keys (not the copy) will be removed if the file is successfully renamed. #40433

In the files apps, the "shared with others" and "shared by link" sections allowed people to use a delete action on a file or folder present in that list. This was causing problems because people accidentally removed the folder when, in fact, they wanted to unshare it. This delete action isn’t present any longer. You can revoke shares by accessing the file or folder’s details. If you want to delete the file or folder, you can do it from the regular "all files" section. #40497

This change is targeted mostly at tightly federated setups. Currently, if a federated share is invalid or the API endpoint returns "not found", an availability check would validate whether this is a problem with a server, and that given share is removed. However, in some cases these checks might not be enough (e.g., complex migrations in tightly federated setups). In that case the invalidation behavior can be disabled by using the app setting: "occ config:app:set files_sharing enable_cleanup_invalid_external_shares --value no". #40503

Some images with large EXIF data had problems with the orientation when they were shown. This was caused by the native function failing to retrieve the EXIF data. Images with small EXIF data didn’t have this problem. By making the chunk size of the stream bigger, the native function is now able to load the EXIF data properly and return the information, and with such information we can fix the orientation of the image. #40600

Empty directories were left when the contained versions were deleted or moved. Large installations might end up with too many of these empty directories. Now, when a version is deleted, the containing directory will also be deleted if there aren’t any more versions inside. #40499

When an app_path is pointing outside of the ownCloud server root or uses a symlink, under certain conditions the l10n folder points to an invalid location and results in a crash of the server. This happened due to the assumption that app paths always start with the server root path. #40607

Public links were lost upon moving a share into another share as the share owner was not correctly set. This has now been partially fixed. #40612

Until now it was possible for users with 0 quota or who already reached the limit of their assigned quota to still create empty files/folders, which was confusing. This behavior has been fixed. #40567

Previously only files were accepted via drag & drop. Users can now also drag folders into a public link that has the filedrop flag. When adding a folder, the hierarchy is flattened out and all files are added without any subfolders. Name collisions are avoided as usual. #40643

We have added an if-statement in the files_sharing ShareesController code that searches for remote sharees. When the config entry "sharing.remoteShareesSearch" is set to the name of a class that is registered in the server container and that implements "IRemoteShareesSearch" (for instance the "ScienceMeshSearchPlugin" that the "sciencemesh" app registers) it will be used instead of the federatedfilesharing app to find sharee matches for OCM sharing. #40577

Object storages are reporting only unknown storage space. This causes problems for other apps that rely on this storage method, e.g., metrics app that monitors the available space. A new configuration at the storage level has been added which allows apps or further extensions of the storage class for object storage to use it. #40674

Find below a list of updated apps in comparison with the 10.11.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

When upgrading from ownCloud Server 10.10, there will be no migration steps impacting the upgrade duration. Therefore the upgrade is expected to finish quickly.

In previous versions of ownCloud Server, public links on single files could only be created with read-only permissions (Download / View). If users wanted to share a file and enable recipients to change it, they had to put that file into a folder and share that with permissions for editing (Download / View / Edit). Server 10.11 introduces the Download / View / Edit role for public link shares on single files to make a user’s life easier. Especially when using ownCloud in combination with web office solutions like ONLYOFFICE, Collabora Online or Microsoft Office Online, users can now quickly and conveniently collaborate on documents with external parties. #40264

Server 10.11 introduces the ability to share with multiple users at once by entering their identifiers (e.g., display name, user ID, email address, federated cloud ID) as a comma-separated list in the sharing dialog (e.g., alice,bob@example.org,carol. Based on the inputs, ownCloud will decide how to create the shares (e.g., share with an internal user, invite a new guest, create a federated share). This way, users can easily invite many recipients at once to their files and folders. With Custom Groups version 0.7.0 onwards the same behavior also applies to adding users to Custom Groups. #40155 customgroups#522 guests#506

Server 10.11 in combination with Custom Groups 0.7.0 and Guests 0.12.0 allows inviting new guest users directly into a Custom Group. Previously this was only possible by sharing files with new guests first and creating their user account thereby. New guests will not have access to any files nor will they be able to create/upload their own files unless there is a share with the respective Custom Group or with the guest user. #521 guests#506

For new user accounts, the default skeleton files have been changed a bit in version 10.11. The ownCloud user manual PDF has been removed as it becomes outdated quickly and will not be updated for existing users when a server upgrade is done. It is recommended to provide the official user documentation to users instead. New users will further find a folder called "Learn more about ownCloud" that contains information about the product.

Find below a list of updated apps in comparison with the 10.10.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

When upgrading from ownCloud Server 10.9, the following migrations will run as part of the upgrade procedure:

ownCloud Server 10.10 comes with a couple of stability and security improvements around session lifetime and expiration in the Classic web interface #39916:

Find below a list of updated apps in comparison with the 10.9.1 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Currently there are no known issues with ownCloud Server 10.10.0. This section will be updated if issues are discovered.

All known issues in Server 10.9.0 have been fixed:

Find below a list of updated apps in comparison with the 10.9.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

As announced in the previous minor releases of ownCloud Server, from version 10.9 onward ownCloud Server no longer supports PHP 7.2. If you’re running on PHP 7.2 or below, it is necessary to upgrade PHP prior to conducting the upgrade to Server 10.9. See the system requirements for more information.

PHP 7.3 support will be dropped in one of the next server releases. Support is still available with 10.9 but it will be necessary to plan an upgrade soon if PHP < 7.4 is in use.

Version 10.9 adds support for MariaDB 10.6 (#39286). If you’re planning a database update to a MariaDB version > 10.5, it is very important to prepare the ownCloud installation first. Please read the documentation on this matter carefully before upgrading to MariaDB 10.6.

Server 10.9 comes with the means to drastically reduce the time needed by the ownCloud clients for the initial discovery of the contents in user accounts, especially for those with many files and huge directory structures. Practically, this means when a user account is initially set up, e.g., in the ownCloud Desktop Client or when larger directory structures are added to an existing account (e.g., via sharing or external storage mounts like Windows Network Drives), the client no longer needs to check every individual folder. Instead, the server will compose a full content listing and provide it to the client ("Streaming PROPFIND with depth=infinity", #38583). Additionally, to prevent memory issues on the server side, this content listing will be streamed to the client while it is being created.

This new server-side capability needs changes in the ownCloud clients to work. At the time of the ownCloud Server 10.9 release, client implementations for iOS, Android and Desktop are in the making but not yet available. The implementations will follow soon with the next client releases.

Since version 10.5, ownCloud supports Manual File Locking to prevent concurrent changes of files by different users. The feature works in a way that it only allows the user who locked a file to unlock it again (exclusive file locking) and it provides a configurable timeout for file locks.

Version 10.9 introduces a new subfeature that allows administrators to define groups of users that are entitled to unlock locked files, independent of whether they have set the lock initially or not (#38222). Users in such groups can regain control over files, e.g., if a lock owner is unavailable and a long timeout for file locks is used. Administrators can configure this in the Manual File Locking section of the General admin settings. For more information, refer to the ownCloud documentation.

To improve usability, Server 10.9 provides a new feature for file versioning. When working on documents with multiple people, it can be important to know who created a certain version, e.g., to roll back to a specific state or to understand who made which changes to a file. For this, you can enable storing and displaying the author of file versions. When enabled, users will see the author of file versions in the 'Versions' tab of the right sidebar in the web interface. To avoid time-consuming database migrations, the author metadata will be stored in files on the storage.

The feature is disabled by default as it is not compatible with all use cases. To enable it, administrators can set 'file_storage.save_version_author' ⇒ true in config.php.

In certain scenarios it is not desired that all users of an ownCloud installation can create public links and share data publicly. Therefore, ownCloud Server 10.9 provides a new configuration option for administrators that allows restricting the creation of public links to users in certain groups (#38980).

In some cases it is necessary to manage storage locations of users, e.g., if you want to distribute them across multiple storages. To facilitate this process, Server 10.9 introduces a new occ command (occ user:move-home) that allows moving user home folders to a new location (#39136). The command takes care of moving the physical data and of updating all other related information. In addition, new commands like the occ user:home:list-dirs which lists the available storage locations of users and occ user:home:list-users which lists users belonging to a storage location have been added. For more information, refer to the ownCloud documentation about occ and about user management.

Find below a list of updated apps in comparison with the 10.8 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

All known issues in Server 10.8 have been fixed.

The all-new web interface for ownCloud, ownCloud Web, has come a long way since its initial release at the end of 2020. It is available as an app on the ownCloud Marketplace and ownCloud Server has been prepared to work with it since version 10.6. ownCloud Web can be deployed as a supplement to the classic web interface and meanwhile it is in use at quite a number of installations. This has brought up good feedback around the integration with ownCloud 10 that has been addressed for 10.8. Additionally, lots of improvements have made their way into ownCloud Web. For an overview you can have a look at the ownCloud Infinite Scale release notes and for a full list of changes, please see the ownCloud Web changelog.

The most prominent recent improvements are

With all these improvements we want to motivate ownCloud service providers to make ownCloud Web available to users, to experience the new technology as well as to provide feedback to further improve it. The ownCloud Web integration app comes as part of the 10.8 complete bundle. Furthermore, ownCloud Web has a release cycle of 3 weeks that is independent of ownCloud Server. This allows new versions with features, fixes and improvements to be made available regularly via the ownCloud Marketplace and to deploy them with minimal effort.

The usability of the "Add to ownCloud" feature on public link pages has been improved (#38712). Research on the feature has shown that most users use the feature to add links to the same ownCloud installation they originate from instead of creating federated shares with other ownCloud installations. For this reason there is a new default behavior which allows adding a link to a user account on the ownCloud installation the public link originates from with just a click and without requiring any further input. Advanced users can use a dropdown menu to add a link to a user account on another ownCloud installation.

The login page has received several improvements regarding design and usability (#38506). A login button and labels for the input fields have been added and the "Alternative login" buttons (e.g., for authentication with OpenID Connect) have been redesigned to give a more modern look and feel. In this context, also the ownCloud Enterprise Theme has received improvements that are shipped with Server 10.8.

Invitation links for new users in the local ownCloud user management expire after 12 hours for security reasons. For such cases, administrators can now conveniently re-send invitation emails to new users using the mail icon in the user management. #38774

Events in the activity stream that have been issued by the system (e.g., expired shares or workflow automations like file retention or auto-tagging) are now indicated properly. Before, these events appeared as if the user would have done them manually. To be effective, this requires the latest versions of the Workflow and Activity app versions which are shipped with ownCloud Server 10.8. #38605 #38631

Upgrading from ownCloud Server 10.7 to 10.8 does not involve database migrations. The upgrade duration is, therefore, expected to be short.

Since ownCloud Server 10.5, all supported apps are being shipped as part of the complete bundle for ownCloud Server. Find below a list of updated apps in comparison with the 10.7 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

The minimum supported PHP version has been increased from 7.2 to 7.2.5. If you are still running PHP 7.2, ensure that you are running a recent patch release before upgrading to 10.8.

As announced with the release notes of version 10.6, PHP 7.2 support will be dropped in one of the next minor releases. Support is still available with 10.8 but it will be necessary to plan an upgrade soon if PHP < 7.4 is in use.

All known issues from Server 10.7 have been fixed.

Upgrading from ownCloud Server 10.6 to 10.7 does not involve database migrations. The upgrade duration is, therefore, expected to be short.

Version 10.7 brings improvements for storage encryption in order to reduce storage usage. By changing from base64 to binary encoding for encrypted files, a reduction of about 35% in storage usage can be achieved. For existing installations that use storage encryption, this process is seamless. Files that have been stored before upgrading to 10.7 will stay with the previous encoding until they are rewritten which will store them with the new encoding.

Storage encryption in ownCloud offers two options, master-key and user-key encryption. While master-key encryption is based on a general encryption key that is used to decrypt all user data, user-key encryption relies in essence on user passwords to decrypt individual user data. Both follow the goal to prevent malicious administrators from being able to read user data. Due to the nature of user-key storage encryption, this encryption mode comes with a list of limitations and can cause challenges for administrators, e.g., when users forget their password. For these reasons, user-key storage encryption is now marked as deprecated and will not be maintained anymore for future versions of ownCloud Server. Server 10.7 still supports user-key encryption but the feature will be removed in later versions. If you are operating an ownCloud installation with user-key storage encryption enabled, please get in contact with support@owncloud.com to plan a migration to master-key storage encryption.

As announced with the release notes of version 10.6, PHP 7.2 support will be dropped in one of the next minor releases. Support is still available with 10.7 but it will be necessary to plan an upgrade soon if PHP < 7.3 is in use.

Both known issues from Server 10.6 have been fixed.

This section will be updated when more issues are discovered.

PHP 7.2 recently reached its end of life and is not maintained anymore. ownCloud Server will, therefore, drop support in one of the next minor versions as well. If you’re running on PHP lower than 7.3, please make sure to schedule an upgrade to PHP 7.4 as soon as possible. See the system requirements for more information.

ownCloud Server 10.6 comes with the prerequisites to run the new ownCloud Web frontend as an optional component on top of it.

There are different ways to deploy ownCloud Web with ownCloud Server. We strive to make it as easy as possible to make the new frontend available to users. For this, there is the new app for Web on the ownCloud Marketplace. It can be installed on ownCloud 10 servers with the regular tools. The app will make the new frontend available as described above when deployed and configured correctly.

Requirements for deploying ownCloud Web as an app for ownCloud Server 10

Since ownCloud Server 10.5 all supported apps are shipped in the ownCloud Server Complete bundles. The following changes have been made to the bundle for Server 10.6:

This section will be updated when other issues are discovered.

As announced, in the previous minor release of ownCloud Server, from version 10.5 onward, ownCloud Server no longer supports PHP 7.1. If you’re running on PHP 7.1 or below, it is necessary to upgrade PHP prior to conducting the upgrade to Server 10.5. See the system requirements for more information.

ownCloud Server 10.5 officially supports PHP 7.4. The Server Core and all apps maintained by ownCloud have received a full QA cycle and are proven to work reliably with PHP 7.4. If you are still running a PHP version < 7.2, you must upgrade PHP before upgrading ownCloud Server as lower versions are not supported anymore.

Summarizing, ownCloud Server 10.5 supports the PHP versions 7.2, 7.3 and 7.4.

ownCloud Server 10.5 comes with great enhancements for content collaboration. Manual file locking allows users to lock files in shared areas while working on them in order to prevent concurrent changes from other users (check-in/check-out).

The feature builds on the WebDAV Locks backend which has been introduced with Server 10.1 and is now available in the ownCloud Web Interface. Using the context menu of files, every user who has access can lock them. Users can recognize locked files by the means of a new lock indicator. While a file is locked, other users can still access it but they cannot make any changes. Locked files can manually be unlocked by the lock owner (the user who locked the file; exclusive locking) using the "Locks" tab in the file details view (right sidebar).

To prevent files being locked infinitely, there is a mechanism that automatically expires locks after a certain time. The expiration time of locks can be configured via the "Manual File Locking" section in the Settings  Admin  Additional settings or using occ commands:

By default locks set in the web interface will expire after 30 minutes. The expiration time is bound to the individual locks and can’t be changed after locking. The maximum lock time by default is one day.

The ownCloud Marketplace is opening up. With the release of Server 10.5, all apps available on the Marketplace (including ownCloud Enterprise apps) are now also available for download and installation via the Market app. This change facilitates the process of getting started with ownCloud Server and of evaluating Enterprise functionality. Additionally, it allows updates for all apps to be obtained from the ownCloud Marketplace and ensures running up-to-date versions.

In line with the changes to the Marketplace the deliverables for ownCloud Server have been unified. Previously there were different Tarball bundles, Docker images and Linux packages for the Community (bare minimum) and Enterprise (all supported apps) Editions. Starting with Server 10.5 there are the following bundles which are shipped via tarball, Docker images and Linux packages: - minimal bundle for the Server and required components, semantically versioned (ownCloud-10.5.0) - complete bundle for the Server and all supported apps, including the Enterprise features, not semantically versioned as it always contains the latest versions of all supported apps (ownCloud-complete-<date>)

The availability of Enterprise features now only depends on the license key. As part of this process, the former enterprise_key app has been deprecated and is not used anymore. New versions for all Enterprise apps have been released and included in the Server 10.5 complete bundle. These are needed to work with PHP 7.4 and the new licensing mechanism (see below).

To facilitate the evaluation of ownCloud Enterprise functionality, Server 10.5 comes with a new trial mechanism. Previously, the process to upgrade from a Community installation to an Enterprise trial was not that easy.

With Server 10.5 this process has been changed and made easier: Along with the changes to the Marketplace and in delivery, Enterprise functionality is available in every installation after upgrading or installing, respectively. The apps can be enabled like other apps which will start a grace period if no valid license key is present. During this time the functionality can be fully used and the admin has some time to start a trial. To start 30 days of Enterprise trial, a demo license key can be obtained from a new landing page. As usual, if you do not have a valid license key after the grace period or the 30-day trial, all Enterprise apps will become disabled again. The administrator will be informed and guided to obtain the demo license and can enter it in the web interface. If desired, the location of the landing page can be customized using the config.php option 'grace_period.demo_key.link' ⇒ 'https://owncloud.com/try-enterprise/'.

As mentioned above, Server 10.5 adds new UI elements to set license keys in the Settings  Admin  General settings. Keys added this way will be stored in the database, not in config.php as before. Still, there is legacy support taking into account when keys have been stored in config.php or license.config.php.

With ownCloud Server 10.2.0 a background job for change detection of nested federated shares was added (occ incoming-shares:poll) to allow ownCloud Server to discover changes in federated shares in order to make them available for synchronization with the ownCloud Clients. Based on feedback a new, improved background job with more configuration options was added to Server 10.5. It replaces the former occ command which is now deprecated and should not be used anymore after upgrading to 10.5.

In addition to discovering changes ("check"), the new background job also synchronizes meta-data changes between involved servers ("scan") making them available without requiring users to actively browse them.

The new background job provides some configuration options to optimize its performance, especially for larger environments: - Minimum number of hours since the last login of a user that a scan is triggered (limits the execution of discovery & metadata sync to active users which have logged in during the configured time frame) (default: 24h)

occ config:app:set files_sharing cronjob_scan_external_min_login --value <integer-seconds>

occ config:app:set files_sharing cronjob_scan_external_min_scan --value <integer-seconds>

occ config:app:set files_sharing cronjob_scan_external_batch --value <integer-number>

The new background job is disabled by default and can be enabled/disabled in the Settings  Admin  Sharing settings (Periodically synchronize outdated federated shares for active users) or using
occ config:app:set files_sharing cronjob_scan_external_enabled --value yes.
If enabled, it will be executed as part of the regular ownCloud background job queue and therefore does not need to be added to crontab.

Currently there are no known issues with ownCloud Server 10.5.0. This section will be updated when issues are discovered.

Upgrading from ownCloud Server 10.3.x to 10.4.0 does not involve database migrations. The upgrade duration is, therefore, expected to be short.

As announced, in the previous release of ownCloud Server, from version 10.4 onward, ownCloud no longer supports PHP 7.0. If you’re running on PHP 7.0, it is necessary to upgrade PHP prior to conducting the upgrade to Server 10.4. We strongly recommend upgrading to PHP 7.2 or 7.3. See the system requirements for more information.

PHP 7.1 recently reached its end of life and is not maintained anymore. ownCloud Server will, therefore, drop support in one of the next minor versions as well. If you’re running on PHP < 7.2, please make sure to schedule an upgrade to PHP 7.2 or 7.3 as soon as possible. See the system requirements for more information.

To give users and administrators more control of access to resources, Server 10.4 introduces an expiration date for user and group shares, just like in public links. With this new feature, users can control the lifetime of shares with other users or groups. Administrators can choose to set a default maximum lifetime and to enforce it. To integrate this change, the UI in the user/group sharing tab of the sidebar has been adapted. When a resource is shared, the user and group entries are expandable and collapsible using the cogwheel next to the trash bin icon to show/hide the permissions and the expiration date field to maintain an overview. Additionally, to allow users to recognize expiring shares at a glance, a new clock indicator will be shown next to the cogwheel.

Administrators can configure the feature in the 'Sharing' section of the admin settings.

ownCloud Server 10.4 puts the focus on user awareness for shared areas to prevent accidentally sharing data or changing other users' data, as well as to make it easier for users to recognize who has access to shared areas. Practically, users are better able to recognize shared resources using a new share overlay indicator on file and folder icons. The indicators are also applied to resources that are not directly shared but are part of a share (when working in a shared folder).

Apart from that, the sharing sidebar panels have been improved to also show users/groups and public links which have access through shares on parent folders. These will be shown as static entries with a "via" indicator that allows users to jump to the parent folder and to change the share properties, if desired.

This sharing information is only shown to share owners (users that created shares) as other share recipients are not entitled to get detailed information about who else has access.

The discontinuation of PHP 7.0 enables support for MariaDB up to version 10.4 and PostgreSQL 10. Server 10.4 is thoroughly tested against these database versions and proven to work stably.

Apart from this patch release, please consider the ownCloud Server 10.3.0 release notes, below.

ownCloud Server 10.3 officially supports PHP 7.3. The Server Core and all apps maintained by ownCloud have received a full QA cycle and are proven to work reliably with PHP 7.3. If you are still using version 5.6, you must upgrade PHP before upgrading ownCloud Server as it’s not supported anymore since ownCloud Server 10.2. If you are still running PHP 7.0 or 7.1, please plan an upgrade soon as these versions are or will soon be unsupported, respectively. See the system requirements in the ownCloud Documentation for more information.

As announced with ownCloud Server 10.0.8 and 10.2.0, support for PHP 7.0 is discontinued. The next minor version of ownCloud Server (around the end of 2019) no longer supports PHP 7.0. If you are still running on PHP 7.0, please make sure to plan an upgrade to PHP >= 7.2 to stay compatible.

For code cleanup reasons, the execution of background jobs (e.g., for public link expiration, trash bin emptying, cleanup of old file versions) has been changed.

The following changes require manual interaction in your installation:

The Media Viewer app has recently been released. The Media Viewer is the next generation image and video file viewer for ownCloud. It provides a foundation based on new technologies and officially supersedes the former gallery and files_videoplayer apps. ownCloud Server 10.3 does not bundle gallery and files_videoplayer anymore. Instead, it bundles files_mediaviewer. With this change, support and maintenance for gallery and files_videoplayer are discontinued. More details on the Media Viewer can be found in the release blog post.

For more information on the Media Viewer app, visit the ownCloud Documentation.

Server 10.3 comes with improvements for session handling with Redis. These are designed to cope with issues encountered around duplicate session tokens, which make the ownCloud Clients lose their OAuth2 authorization from time to time, and force users to re-authenticate.

The session handling in ownCloud 10.3.0 has been generally improved, making user and client sessions more stable. If Redis is used for session handling, it is necessary to enable Session Locking to ensure that the mentioned issues no longer occur.

To cope with long user names or additional user information and to provide a better overview for users, the user/group sharing autocompletion dropdown has been restructured. The available information is now distributed vertically to improve space usage and user experience. Screenshots are available in the pull request. Other ownCloud clients will align with this behavior with the next releases.

Following the deprecation announcement with ownCloud Server 10.0.9, support for primary and secondary storage via the OpenStack SWIFT protocol has been removed. Please get in contact with ownCloud Support if you’re still using OpenStack SWIFT and want to upgrade.

The extension to integrate S3 object storages as secondary storages (files_external_s3) has been updated, unbundled from ownCloud Server (was previously part of files_external) and released to the ownCloud Marketplace. If you’re using S3 external storage mounts, you have to conduct some steps to ensure continuous operation after upgrading to Server 10.3:

ownCloud Server is being prepared for Phoenix, the upcoming web frontend for ownCloud. As Phoenix is separated from the backend and communicates only via HTTP APIs, it is necessary to complete the API coverage.

The following new HTTP APIs have been added with Server 10.3:

All new endpoints are currently in tech preview state and are mainly used for Phoenix development. For this reason, they are disabled by default and have to be explicitly enabled using the new config.php option: 'dav.enable.tech_preview' ⇒ true,.

ownCloud Server offers two ways for key management with storage encryption. Either a central master key pair or individual user key pairs are used to encrypt/decrypt data. Previously both modes used the same mechanisms which resulted in potentially significant overhead when master key encryption was used as user key encryption relies on so-called share keys which are necessary to allow share recipients to decrypt shared files.

With master key encryption, share keys are redundant as you have one central key that can be used to decrypt all files. Version 10.2.1 corrects this behavior by dropping share keys for master key encryption, thereby increasing the performance dramatically, especially when sharing folders with many files as said keys do not have to be generated anymore for each file.

Please note that this minor release contains database migrations which impact the upgrade duration. Specifically:

Following up the PHP 5.6/7.0 deprecation notice in the ownCloud Server 10.0.8 releases ownCloud Server 10.2 does not support PHP 5.6 and some apps no longer support older PHP versions. Additionally, PHP 7.3 support will be available in an upcoming version.

If you’re still running PHP 5.6, you must upgrade to PHP 7 before upgrading to ownCloud Server 10.2. Please be aware that apps that do not support outdated PHP versions will not upgrade.

To allow for additional upgrade time, version 10.2 still supports PHP 7.0, because some of the major Linux distributions continue to support it. However, support for PHP 7.0 will be discontinued in an upcoming version of ownCloud 10, to enhance both security and performance. To prepare for this change, we strongly encourage you to begin planning an upgrade as soon as possible.

The new server version introduces the means for extensions to implement additional, advanced permissions for user and group sharing. This feature increases sharing flexibility and opens the doors for extension developers to introduce new functionality based on sharing permissions.

Especially, considering collaborative editing solutions, this addition provides the foundation for mode-based document sharing, such as "view-only", "comments-only" or "enforce change tracking". In the future, such advanced permissions should significantly improve the security as well as the usability of review processes, working on Office documents collaboratively, or exchanging information securely.

Based on the new capabilities a set of features has been developed together with Collabora Online, called Secure View. Secure View is designed to enable information distribution processes for sensitive data, meaning that information can be provided securely yet can — under no circumstances — leave the platform.

Practically, it enables users to share documents (such as docx, xlsx, pptx, and PDF files) in such a way that the recipient can’t edit, download, copy and paste, nor print them. Additional protection for screenshots and photos is provided by watermarks which display user information. What’s more, users can decide to allow printing and exporting of documents protected by watermarks as well.

With ownCloud Server 10.2, the former "Download / View / Upload" permission has been renamed to "Download / View / Edit", as this better reflects its behavior (full permissions). Additionally, a new permission ("Download / View / Upload") has been introduced which allows recipients to view, download, and upload contents but not to make any changes to existing content (e.g., rename, move, delete, update). Another way of looking at it is as a public file drop folder for distributing and gathering information with a single link, yet which prevents recipients from altering the existing content.

With version 10.2, ownCloud Server officially supports storage encryption with master keys stored in hardware security modules (HSM). In contrast to regular master key-based storage encryption, which stores the keys on the storage, storage encryption with keys in an HSM allows administrators to completely prevent anyone with access to the storage from accessing the data stored in ownCloud.

As a result, the bundled encryption app has been updated to support HSM, and a standalone service (hsmdaemon) that connects ownCloud Server and the HSM device is now available within ownCloud Enterprise Edition. To get started with storage encryption and HSM, please get in touch with us. For more information around the different encryption types ownCloud offers, consider this whitepaper.

When using federation to share data across ownCloud instances, deeply nested folders (e.g., folders with many sub-items) are not discovered automatically for performance reasons. This leads to several issues such as the ownCloud Desktop Client not being able to synchronize newly added or changed content unless the user navigates down the hierarchy using the web interface, which manually triggers content discovery.

Also, the size of such folders can’t be calculated, showing "Pending" instead, until the discovery is manually triggered. To help alleviate this problem, a new occ command has been introduced. It can be executed regularly as a background job to discover federated shares (occ incoming-shares:poll). This is aimed at handling this issue while providing the means for administrators to control resource usage.

When using federation, it is recommended to execute occ incoming-shares:poll regularly using Cron jobs. The time interval to choose between executions is a trade-off between the availability of changes in federated shares and resource consumption, which naturally depends a lot on the number of federated shares and the frequency of changes within those shares.

Executing the command once per 12 hours should be safe enough for any instance. However, the interval could be reduced to once per 2 hours for instances with a low number of federated shares.

Depending on the desired resource consumption this value should be lowered or increased based on individual expectations. To find a value that fits a specific setup, it is recommended to execute the command once, measure the execution time and set the interval so that the background job can finish before the next execution is triggered.

ownCloud Server 10.0.9 introduced the Pending Shares feature which allows users to decide whether or not they want to accept local user shares instead of just making the decision for them, giving more control thereby. In contrast, Federated shares always had to be accepted as they can originate from external, potentially untrusted, sources.

ownCloud Server 10.2 introduces a global option to automatically accept federated shares originating from trusted servers. This option enables providers of several instances (e.g., an external and an internal instance) to facilitate or automate data exchange between them, not requiring users to accept shares.

In the spirit of self-service, ownCloud Server 10.2 introduces new options for users that previously were reserved for global admin settings:

Starting with this release, ownCloud Server and the app ecosystem will follow the principles of Semantic Versioning. This step was taken to benefit operators by clearly indicating the contents and upgrade procedures of new releases via version numbers. Practically, the versioning scheme will follow the "Major.Minor.Patch" (or "Breaking.Feature.Fix") format. App developers need to re-release their apps to make them compatible with the new version. For details, please refer to this blog post.

occ upgrade pulls app updates from the ownCloud Marketplace to make sure that not only the Server itself but also the installed apps are kept up-to-date. In line with the new versioning principles occ upgrade as well as the Market App now make a difference between major and minor app updates. Practically, this means that during a minor Server upgrade only new minor app versions will be installed. This is to make sure that apps with breaking changes will not be automatically installed when upgrading the Server. The --major option for occ upgrade and occ market:install provides the means for administrators to force installing new major app versions. Additionally, the Market App now includes a version picker to enable administrators to choose which version of an app they want to install or upgrade to.

Version 10.1 delivers all the prerequisites to be compatible with the Microsoft Office Online Server Integration (WOPI) that is about to become available. This enables providers to integrate ownCloud Server with Microsoft’s Office Online Server which brings users the benefits of working on Office documents in the browser as well as collaboratively with other users. The integration will work with MS Office Online Server (on-premise) out-of-the-box. We kindly ask you to get in touch with us if you want to make use of the Office 365 (cloud) version of Office Online.

ownCloud Server 10.1 introduces WebDAV Locks that allow clients to lock and unlock resources to prevent other users from making changes. The feature has been implemented as a prerequisite for manual file locking and MS Office Online Server compatibility. In the current state, file locking is only available via API. Users can recognize locked files via the "lock" icon in the file list. Additionally a lock owner (the user who locked the file) can manually unlock them via the "Locks" tab in the right sidebar. The "Locks" tab will only appear for files that have active locks.

Please note that foreign keys have been added with the :WebDAV Locks feature. This is the first time ownCloud implements foreign keys.

Federation enables instances of ownCloud and other supporting platforms to exchange information. It allows users to share data across installations building a worldwide collaboration network of decentralized nodes - each under the full control of it’s provider. Together with the other vendors the underlying OpenCloudMesh API specification has been shifted to a new level to clean up the interface, improve its stability and to set the foundation for future feature improvements. ownCloud Server 10.1 is compliant with the new specification proposal. The introduction of the new specification does not involve changes in functionality for users.

Version 10.1 comes with a new scope for Collaborative Tags called "Static Tags". In addition to the other tag scopes, these tags are intended to be supplied by administrators and linked with policies in the File Firewall, Document Classification or Workflows, for example. Every user will be able to see these tags assigned to files but only users in specified groups have the permission to assign or unassign them. This makes it possible to equip certain users with the means to impose pre-defined policies upon files. To create such tags administrators need to use the Collaborative Tags Management extension.

After announcing the future deprecation of PHP 5.6 and 7.0 with the 10.0.8 release, ownCloud Server now follows up by officially adding PHP 7.2 support. The Server Core and all apps maintained by ownCloud have received a full QA cycle and are proven to work reliably with PHP 7.2. ownCloud Server is also being prepared for PHP 7.3, which is scheduled to become available by the end of 2018.

If you are still using versions 5.6 or 7.0, please plan an upgrade to 7.2 soon. See the system requirements in the ownCloud Documentation.

In previous versions, administrators created local users by entering a username and a password. In many cases this is undesirable, as administrators set the password for new users and need to provide it via a second communication channel. For this reason the local user creation flow has been changed to expect a username and an email address, which will be used to send an activation link to new users.

This way user creation is easier and more secure as new users are informed automatically and can choose a password in self-service. For cases where administrators want to set the initial password, it’s possible to deviate from the default by setting the option "Set a password for new users" on the bottom left settings cog. The former option "Send email to new users" has been removed, as this change made it obsolete.

ownCloud Server 10.0.10 introduces an HTTP API for search functionality. It enables the use of search terms to query the server and the delivery of search results via HTTP (WebDAV). In upcoming releases, ownCloud clients will make use of it to search content on the server, without the need to have them available locally.

In combination with the Full-Text Search integration, which is soon to be released as an ownCloud Server extension (Community Edition), HTTP API for Search will boost usability and productivity for users. For example, they will be able to search through all the content which they store in their account and quickly find files on their smartphones.

Together with the new server version, another security-enhancing extension is available, Brute Force Protection. This extension is tasked with preventing attackers from guessing user passwords (brute-force attack) by delaying subsequent failed login attempts for a user account from the same IP address.

While in the past similar functionality was only achievable via third party applications, such as Fail2Ban, this extension provides the functionality natively, configurable by ownCloud administrators on the Security settings section.

The new extension supersedes the former Security extension together with the new Password Policy extension, which has been released with ownCloud Server 10.0.9. This community-contributed extension is well-tested, but out of ownCloud’s general support scope. However, individual support can be obtained on request.

The reliability of the file upload feature in the ownCloud web interface has been improved. When uploading larger amounts of data on unreliable connections (e.g., on the train or with mobile data) you have to deal with interruptions and timeouts, which in the past required users to restart stalled uploads from the beginning in the worst case.

On top of ownCloud’s chunking mechanism, which splits large files into pieces and uploads them separately, there’s new logic that takes care of retrying stalled chunks. With this, uploads can now continue from the point they froze when a connection becomes available again.

System groups in ownCloud can have many purposes. They can be used for sharing with many users at once, for feature and access restrictions, or for storage mounts to specific users - just to name a few. In some cases, especially in larger deployments, it’s undesirable that groups which are used for other purposes are also available for sharing. To prevent users from sharing with such groups, administrators can now blacklist the respective system groups using the option "Exclude groups from receiving shares" in the administration settings "Sharing" section.

The occ command user:resetpassword allows system administrators to reset or change user passwords. It has been extended to provide the additional options --send-email and --output-link, which can be used to send a password reset link to the user via mail and output the password reset link to the command line, respectively. This change is in line with the new local user creation flow, which is explained above, and can also be used for further processing with scripts. See the ownCloud Documentation and the --help option for more information.

To ensure clean and reliable operation of the ownCloud platform it is important to stay up-to-date with the latest releases for the server as well as the clients. To take care of compatibility between the server and desktop clients, the minimum version the server will accept connections from has been raised to version 2.3.3.

While it’s recommended to keep up with later versions, this is the new default value. It can be changed by altering the config.php parameter 'minimum.supported.desktop.version' ⇒ '2.3.3', if absolutely necessary.

Usually ownCloud renders mail notifications in the language of the recipients, when they are known. For the recently improved feature to send public links with a personal note directly from the user interface, the recipients' language can’t be determined automatically, it just knows the recipients' mail addresses.

ownCloud therefore uses the language of the user who sent the notification, which can have the drawback that recipients can’t understand them. This is still the default behavior but administrators can now change it via a dropdown menu "Language used for public mail notifications for shared files" in the settings "Sharing" section.

Mail templates for share notifications do not strip line breaks from the personal note anymore. This affects the HTML (core/templates/mail.php) and plain text (core/templates/altmail.php) mail templates. The default templates shipped with ownCloud Server 10.0.10 have been modified to accommodate these changes. If your custom theme overrides these templates, you have to follow up with the changes:

ownCloud Server 10.0.10 takes care of 10.0.9 known issues and provides remedies for several others:

Currently there are no known issues with ownCloud Server 10.0.10. This section will be updated in the case that issues become known.

The option "Exclude groups from sharing", in the administration settings "Sharing" section, enables administrators to exclude groups of users from the ability to initiate file shares. In previous versions this restriction only applied to users who were members of exactly these groups (membership of one or more non-excluded groups bypassed the restriction).

This behavior has been changed to be both more restrictive and to better cover the expectations of administrators. With ownCloud Server 10.0.9, it will apply to all users who are members of at least one of the excluded groups.

In ownCloud Server 10.0.8, the value for minimum characters to trigger the sharing autocomplete mechanism <min-chars-for-sharing-autocomplete-label> has been made configurable and set to 4 by default. As this security-enhancing change came at the expense of usability, and might only be required in special scenarios, the default value has been reverted to 2.

For increased security requirements, the config.php option 'user.search_min_length' ⇒ 2 can be adjusted. To further improve usability, a hint has been added to inform users about the required character count, to get suggestions.

To improve the usability of the occ user:list command, the output has been made configurable by using the -a option, for including certain attributes. This change has mainly been introduced to facilitate automation tasks. Check the --help option for more information.

New events are available for audit logging, among others. These include:

When logs are forwarded to external analyzers, like Splunk, administrators can check to add the new events. The latest version of the Auditing extension (admin_audit) is required.

ownCloud Server 10.0.9 takes care of 10.0.8 known issues, and provides remedy for several others:

The new Password Policy feature "Password Expiration":

PHP 5.6/7.0 active support has ended on January 19th 2017 / December 3rd 2017 and security support will be dropped by the end of 2018. Many libraries used by ownCloud (including the QA-Suite PHPUnit) will therefore not be maintained actively anymore which forces ownCloud to drop support in one of the next minor server versions as well. Please make sure to upgrade to PHP 7.1 as soon as possible. See the system requirements in the ownCloud documentation.

One of the usability enhancements of ownCloud Server 10.0.8 is the possibility for users to add a personal note when sending public links via mail. When using customized mail templates it is necessary to either adapt the shipped original template to the customizations or to add the code block for the personal note to customized templates in order to display the personal note in the mail notifications.

ownCloud Server 10.0.8 introduces a new extensible notification framework. Apart from technical changes under the hood the Notifications app can now also send mails for all notifications that previously were only displayed within the web interfaces (notification bell) or on the Desktop client (notifications API) like incoming federated share or Custom Group notifications, for example. In the "General" settings section users can configure whether they want to receive mails for all notifications, only for those that require an action or decide not to get notifications via mail (by default users will only receive notifications when an action is required).

New events have been added to be used for audit logging, among others. These include configuration changes by administrators and users, file comments (add/edit/delete) and updating existing public links. When logs are forwarded to external analyzers like Splunk, administrators can check to add the new events. The latest version of the Auditing extension (admin_audit) is required.

With ownCloud 10 file integrity checking by computing and matching checksums has been introduced to ensure that transferred files arrive at their target in the exact state as their origin. In some rare cases wrong checksums can be written to the database leading to synchronization issues with e.g. the Desktop Client. To mitigate such situations a new command occ files:checksums:verify has been introduced. The command recalculates checksums either for all files of a user or for files within a specified path, and compares them with the values in the database. Naturally the command also offers an option to repair incorrect checksum values (-r, --repair). Please check the available options by executing occ files:checksums:verify --help. Note: Executing this command might take some time depending on the file count.

For security reasons the default value for minimum characters to trigger the sharing autocomplete mechanism has been set to "4" (previously it was set to "2"). This is to prevent people from easily downloading lots of email addresses or user names by requesting their first letters through the API. As it is a trade-off between security and usability for some scenarios this high security level might not be desirable. Therefore the value now is configurable via the config.php option 'user.search_min_length' ⇒ 4,. Please check which value fits your needs best.

With ownCloud 10 the File Drop feature has been merged with public link permissions. This kind of public link does not give recipients access to any content, but it gives them the possibility to drop files. As a result, it might not always be desirable to enforce password protection for such shares. Given that, passwords for public links can now be enforced based on permissions (read-only, read & write, upload only/File Drop). Please check the administration settings `Sharing` section and configure as desired.

By verifying signature files the integrity check ensures that the code running in an ownCloud instance has not been altered by third parties. Naturally this check can only be successful for code that has been obtained from official ownCloud sources. When providing custom apps (like theme apps) that do not have a signature, the integrity check will fail and notify the administrator. These apps can now be excluded from the integrity check by using the config.php option 'integrity.ignore.missing.app.signature' ⇒ ['app_id1', 'app_id2', 'app_id3'],. See config.sample.php for more information.

It is now possible to modify user details like display names or mail addresses via the command occ user:modify. Please append --help for more information.

Apart from using the occ files:scan command for single users and whole instances it can now be executed for groups using -g, --groups=GROUPS. Please append --help for more information.

When using syslog as the log type ('log_type' ⇒ 'syslog', in config.php) the default format has been changed to include request IDs for easier debugging. Additionally the log format has been made configurable using 'log.syslog.format' in config.php. If you require a certain log format, please check the new format and config.sample.php on how to change it.

For security reasons federated sharing (sharing between different ownCloud instances) strictly requires HTTPS (SSL/TLS). When this behavior is undesired the insecure fallback to HTTP needs to be enabled explicitly by setting 'sharing.federation.allowHttpFallback' ⇒ false, to true in config.php.

Upgrading to 10.0.8 includes migrations related to auth_tokens (app passwords). When users have created app passwords as separate passwords for their clients the upgrade duration will increase depending on user count. Please consider this when planning the upgrade.

When the "Sharing" settings option Allow users to send mail notifications for shared files for public links is enabled, users can send public links via mail from within the web interface. The behavior of the autocomplete when entering mail addresses in the public link share dialog has been changed. Previously the autocomplete queried for local users, users from federated address books and contacts from CardDAV/Contacts App. As public links are not intended for sharing between ownCloud users (local/federated), those have been removed. Contacts synchronized via CardDAV or created in the Contacts app will still appear as suggestions.

The command occ notifications:generate can be used to send notifications to individual users or groups. With 10.0.8 it is also capable of including links to such notifications using the -l, --link=LINK option. Please append --help for more information. There is also Announcement center to conduct such tasks from the web interface but it is currently limited to send notifications to all users. For now administrators can use the occ command if more granularity is required.

For security reasons ownCloud has a Same-Origin-Policy that prevents requests to ownCloud resources from other domains than the domain the backend server is hosted on. If ownCloud resources should be accessible from other domains, e.g., for a separate web frontend operated on a different domain, administrators can now globally specify policy exceptions via CORS (Cross-Origin Resource Sharing) using 'cors.allowed-domains' in config.php. Please check config.sample.php for more information.

The Mail Template Editor has been unbundled from the default apps and is not shipped with the Server anymore. When upgrading ownCloud will try to automatically install the latest version from the ownCloud Marketplace in case the app was installed before.

If this is not possible (e.g. no internet connection or clustered setup) you will either need to disable the app (occ app:disable templateeditor) or download and install it manually.

As of ownCloud Server 10.0.5 it is only possible to have one theme app enabled simultaneously. When a theme app is enabled and the administrator attempts to enable a second one this will result in an error. However, when also having the Mail Template Editor enabled in this scenario the administrator’s "General" settings section will be displayed incorrectly. As a remedy administrators can either uninstall the second theme app or disable the Mail Template Editor app.

ownCloud catches up with new web technologies. This has mainly been introduced for the open-source community to test and give feedback. PHP 7.2 is not yet supported nor recommended for production scenarios. ownCloud is going to fully support PHP 7.2 with the next major release.

Please make sure to have the PHP extension installed before upgrading.

The theming behavior has been changed so that only a single theme can be active concurrently. This change ensures that themes cannot interfere in any way (e.g., override default theming in an arbitrary order). Please make sure to have the desired theme enabled after upgrading.

Please switch to the new External Storage: Dropbox app with Dropbox API v2 support to continue providing Dropbox external storages to your users.

ownCloud Server 10.0.4 known issue is resolved.

The "Restrict users to only share with users in their groups" option, in the Sharing settings, restricts users to only share with groups which they are a member of, while simultaneously prohibiting sharing with single users that do not belong to any of the users’ groups.

To make this more granular, we split this option into two parts and added "Restrict users to only share with groups they are member of", which differentiates between users and groups. Doing so makes it possible to restrict users from sharing with all users of an installation, limiting them to only being able to share with groups which they are a member of, and vice versa.

The ownCloud sharing dialog displays users according to their display name. As users can choose their display name in self-service (which can be disabled in config.php) and display names are not unique, it is possible that a user can’t distinguish sharing results.

To cover this case the displayed user identifiers are now configurable. In the Sharing settings administrators can now configure the display of either mail addresses or user ids.

We recommend using this command when directed to do so in the upgrade process. Please refer to the occ command’s files:scan --repair documentation for more information.

Administrators can use the output of this command when using a network firewall, to check the appropriateness of configured rules or to get assistance when setting up.

As ownCloud needs to behave differently when operating in a clustered setup versus a single instance setup, the new config.php option operation.mode has been added. It can take one of two values: single-instance and clustered-instance. For example: 'operation.mode' ⇒ 'clustered-instance',.

Currently the Market App (ownCloud Marketplace integration) does not support clustered setups and can do harm when used for installing or updating apps. The new config setting prevents this and other actions that are undesired in cluster mode.

When operating in a clustered setup, it is mandatory to set this option. Please check the config_sample_php_parameters documentation for more information.

When file uploads are interrupted for any reason, already uploaded file parts (chunks) remain in the underlying storage so that the file upload can resume in a future upload attempt. However, resuming an upload is only possible until the partial upload is expired and deleted, respectively.

To clean up chunks (expire and delete) originating from unfinished uploads, administrators can use this newly introduced command. The default expiry time is two days, but it can be specified as a parameter to the command.

It is not included in the regular ownCloud background jobs so that the administrators have more flexibility in scheduling it. Please check the background jobs configuration documentation for more information.

When administrators did intentional changes to the ownCloud code they now have the ability to exclude certain files from the integrity checker. Please check config.sample.php for the usage of 'integrity.excluded.files'.

When upgrading to 10.0.4 migrations may increase update duration dependent on the number of files.

Users with outdated browsers might get warnings. See the list of supported browser versions.

owncloud-enterprise packages are no longer available for CentOS 6, RHEL6, Debian 7, or any version of Fedora. A new package, owncloud-enterprise-files, is available for all supported platforms, including the above. This new package comes without dependencies, and is installable on a larger number of platforms. System administrators must install their own LAMP stacks and databases.

The SharePoint Drive application does not verify the SSL certificate of the SharePoint server or the ownCloud server, as it is expected that both devices are in the same trusted environment.

When you are configuring the LDAP user and group backend application, ownCloud may not auto-detect the LDAP server’s port number, so you will need to enter it manually.

There is no preview icon displayed for text files when the file contains fewer than six characters.

When you mount a Federated Cloud share from a remote ownCloud server, you cannot re-share it with your local ownCloud users. (See Federated Cloud Sharing Configuration to learn more about federated cloud sharing)

If you are using the Encryption application and upgrading from older versions of ownCloud to ownCloud 8.0, you must manually migrate your encryption keys.

Windows Server is not supported in ownCloud 8.

PHP 5.3 is not supported in ownCloud 8, and PHP 5.4 or better is required.

If Multiviews are enabled in your Apache configuration, this may cause problems with content negotiation, so disable Multiviews by removing it from your Apache configuration. Look for lines like this:

Delete Multiviews and restart Apache.

ownCloud’s file scanner does not follow symlinks, which could lead to infinite loops. To avoid this do not use soft or hard links in your ownCloud data directory.

Creating an ownCloud group with a comma in the group name causes ownCloud to treat the group as two groups.

On Windows servers Hebrew file names grow to five times their original size after being translated to Unicode.

Google Drive tries to download the entire file into memory, then write it to a temp file, and then stream it to the client, so very large file downloads from Google Drive may fail with a 500 internal server error.

When you activate the Encryption application on a running server that has large numbers of files, it is possible that you will experience timeouts. It is best to activate encryption at installation, before accumulating large numbers of files on your ownCloud server.

When you are configuring the LDAP user and group backend application, ownCloud may not auto-detect the LDAP server’s port number, so you will need to enter it manually.

Prior to 7.0.4, LDAP searches were substring-based and would match search attributes if the substring occurred anywhere in the attribute value. Rather, searches are performed on beginning attributes. With 7.0.4, searches will match at the beginning of the attribute value only. This provides better performance and a better user experience.

Substring searches can still be performed by prepending the search term with *. For example, a search for te will find Terri, but not Nate:

If you want to broaden the search to include Nate, then search for *te:

Refine searches by adjusting the User Search Attributes field of the Advanced tab in your LDAP configuration on the Admin page. For example, if your search attributes are givenName and sn you can find users by first name + last name very quickly. For example, you’ll find Terri Hanson by searching for te ha. Trailing whitespaces are ignored.

Under certain circumstances, running your ownCloud server on IIS could be at risk of data loss. To prevent this, follow these steps.

The Antivirus application offers three modes for running the ClamAV anti-virus scanner: as a daemon on the ownCloud server, a daemon on a remote server, or an executable mode that calls clamscan on the local server. We recommend using one of the daemon modes, as they are the most reliable.

Some ownCloud applications have the option to be enabled only for certain groups. However, when you select specific groups they do not get access to the app.

For security and performance reasons, file previews are available only for image files, covers of MP3 files, and text files, and have been disabled for all other filetypes. Files without previews are represented by generic icons according to their file types.

Because of limitations in phpseclib, you cannot upload files larger than 4GB over SFTP.

Setting user quotas to unlimited on an ownCloud installation that has unreliable free disk space reporting– for example, on a shared hosting provider– may cause file uploads to fail with a Not Enough Space Available error. A workaround is to set file quotas for all users instead of unlimited.

In older versions of ownCloud, you could set an expiration date on both local and public link shares. Now you can set an expiration date only on public link shares, and local shares do not expire when public link shares expire.

Setting a user’s storage quota should be the equivalent of read-only, however, users can still create empty files.