httpoxy Can Affect Nextcloud, Get Your Update Now

We ship Guzzle 5 as part of Nextcloud. This handles http requests and supports HTTP_PROXY environment variable which can be abused, in some special scenario’s, by an attacker to read content. In the worst case, when you use the ajax cron feature, an attacker can potentially see external storage credentials and data. We recommend not to use the ajax cron feature but the system cron if possible, as that also improves performance and reliability.

As a precaution and because security and privacy are paramount for our users, we released a security update. Grab the latest from the install page! Here is documentation on doing a manual upgrade or migrate.

Learn more about httpoxy here.

You have javascript disabled. We tried to make sure the basics of our website work but some functionality will be missing.

This website is using cookies. By visiting you agree with our privacy policy. That's Fine