Today we release a beta of Nextcloud 10. This release brings a number of new features like new authentication protection mechanisms (including brute force protection and Two-Factor Authentication), improvements to federation, usability work and more. We’re also close to implementing the final pieces of enterprise functionality we promised, a task we will complete before the final release of Nextcloud 10.
Brute force protection and Two-factor auth
Authentication has gotten a serious overhaul, improving the security of your Nextcloud through brute force protection and two-factor authentication, features mainly developed by Lukas Reschke and Christoph Wurst (more details in Lukas’ blog).
Brute Force Protection logs invalid login attempts and slows down multiple attempts from a single IP address (or IPv6 range). This feature is enabled by default and protects against an attacker who tries to guess a password from one or more users.
TOTP in action
The login system now supports pluggable authentication. That includes two-factor authentication and device specific passwords, complete with a list of connected browsers and devices on the users’ personal page. Users can also use their email address to log in.
Active sessions can now be invalidated through the list, by removing the user in the admin settings or by changing passwords and this also works for LDAP users. Admins can even enable or disable two-factor authentication for users on the command line.
For the final Nextcloud 10 release some more SAML work is being finalized. The clients don’t support two-factor authentication yet, something which is a work-in-progress. Device specific passwords can off course be used.
Bjoern and others continued to work on Federation (see his blog). Main improvements are a better handling of mounted link shares and reshares as well as more detailed permissions support.
Upgrade to test 10.0 Beta!
Since its inception in 2014 of server to server sharing, it has been possible to add a shared link to your Nextcloud instance. In Nextcloud 10, these will act like normal federated shares, that is, you can see who you shared with, change permissions and remove the shared link without removing the federated shares.
Another “make it more seamless” improvement is that if you re-share federated shares, the servers make a direct connection rather than going via your server. This means faster and more reliable sharing!
Last but not least, federated shares now offer exactly the same type of permissions as normal shares in Nextcloud.
Text file preview
There has been usability work in various areas of Nextcloud like on the Files app and the theming abilities.
The Files app offers permanent links to files in the URL bar. That is, if you send the URL of a file on your Nextcloud to a colleague or friend you shared the file with, they can open the link you sent no matter where they have moved the shared file in their Nextcloud instance.
The Files app can also now show or hide hidden files, remember the sort order per user and will scroll the file list when you are dragging files to move them into another folder.
Previews of text files won’t be shown as unreadable small thumbnails but much bigger and last but not least, if you upload files, an estimate is given for how long the upload will take.
This release brings some updates to external storage, improving the performance and memory usage of the Dropbox and Google Drive support. Nextcloud 10 also introduces UTF-8 NFD encoding support for external storages. Last but not least, this release introduces support for SMB change notifications used in enterprise environments. This ensures changes on a Windows Network Drive will be quickly and without a big performance impact reflected in Nextcloud.
There are a number of changes for developers which will enable better performance of the clients, enable them to define background jobs and repair steps and more.
The upgrade process has also undergone a number of improvements, showing better progress information and improving reliability but we’re still working in this area so more information will be in the final announcement.
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
The serious security flaws in ownCloud (now owned by Kiteworks) do NOT affect Nextcloud. We have strict security processes in place, and do not ship test data from libraries that can cause security breaches.
Minor Nextcloud updates are released, as well as an update to the desktop client.
As always, minor releases include stability and security improvements that are designed to be a safe and quick upgrade.