Fresh from the Nextcloud conference stage, we are proud to announce a major release of Nextcloud, the easiest solution for secure, on-premises collaboration on documents, calendars and communication! Nextcloud 17 will introduce a series of secure collaboration features including a collaborative text editor, remote wipe, updated secure view, improved two-factor-authentication and easier access than ever with deeper integration of large-scale storage like S3 and IBM Spectrum Scale.
Nextcloud 17 is available as release candidate, with the final release expected later this month.
A quick overview of what is new:
💣 Remote Wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen.
A major new feature in Nextcloud 17 is remote wipe. While many companies have Mobile Device Management, thanks to build-in support, Remote Wipe will work on systems not under management of the company. This is useful for home users but also large universities and of course in a scenario where guest accounts were handed to a third party. If you permit downloading of documents by the third party, you can wipe the documents from their devices when the the collaboration has ended.
Remote wipe can be used on a per-device basis by users and on a per-user base by the administrator.
Remote wipe as a user, per device
Remote wipe as admin, per user
Two-factor authentication improvements
Two-factor authentication is very important to protect the security of Nextcloud accounts. Administrators can enforce the use of two-factor authentication and offer a number of options to users.
Nextcloud 17 introduces:
Ability for users to setup 2FA after the first login it was enabled or enforced
New Administrator settings:
Administrator can create one-time-login tokens for users who forgot or broke their second factor solution
Administrator can delegate the ability to create one-time-login tokens to group administrators
Nextcloud offers the following 'second factor' options, any number of which can be enabled by the system administrator and used to validate the login of a user:
Time-based One-Time Password (TOTP, including Google Authenticator or similar apps
Universal 2nd Factor hardware tokens (U2F, like Yubikeys or Nitrokeys, also supports NFC)
Gateways: SMS, secure messaging apps Telegram, Signal and more
Notification (just click to approve login on an existing device like a phone)
User backup code (User has to generate these in advance and store them in a safe location)
Administrator backup code (creating those can be delegated to group admins)
Active user sessions can be invalidated through a list, by removing the user in the admin settings or by changing passwords. Users can manage their own sessions and devices. Remote wipe is available from that same screen.
2FA enforcement settings, enforcing for guest users
2FA setup on first login
one-time login token creation
Secure view and watermarks for documents
Last December, Nextcloud 15 introduced the Hide Download menu option. Since then this feature was used to provide secure view functionality in Collabora Online and ONLYOFFICE. With Nextcloud 17, our secure view feature was expanded with admin settings for watermarked text to enforce watermarks on:
public shares: option for all/read-only shares/hide download/tagged with (select a tag, for workflow integration)
internal shares: option for all/read-only/no reshare/tagged with (select a tag, for workflow integration)
Note that the full range of options requires Collabora Online 4.1. For older versions only the 'all' option works. ONLYOFFICE supports all these new capabilities as of today.
With secure view, our online office solutions can be configured to open PDF files, images and text files, making these files available in a watermark-protected way, while downloads and other apps are disabled using File Access Control. This setup is useful when data has to be protected from leaking but still has to be made available for review, like in a virtual dataroom scenario.
Configuring Secure View in Collabora
Setting a 'confidential' tag
Secure view watermarked file
Secure mailbox for Outlook
The Outlook Add-in introduces the secure mailbox feature. This feature protects the contents (body) of email from interception by providing the recipient with a notification that a new email was received. The recipient then has to log in on their (guest) account to access the email and its attachments.
In combination with the read.me app, the body of the email is shown on top of the file attachments. Each email is a folder, linked to in the email notification.
Writing an email
Attaching files, enabling Secure Mailbox
Email as it will be sent to recipient
Recipient view in Secure Mailbox in Nextcloud
This example sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.
You might be familiar with this feature from banks, insurance, realtors and other organizations dealing with sensitive data. Protecting the content from emails from leaking is very hard and with the Secure Mailbox for Outlook feature, Nextcloud offers an integrated solution.
Security is very important to Nextcloud users, and thus a core focus for the Nextcloud team. Every release comes with many improvements, and this is no different. These include:
A new feature policy header
Suspicious login improvements
At the Nextcloud Conference, Nextcloud GmbH also announced a doubling of its security bug bounties to USD 10.000. This means an even larger insentive for security experts to find and responsibly report security problems to Nextcloud's capable and responsive security team.
There are many moments when a light-weight, distraction-free text editor is the perfect solution for the task. Note taking, writing down thoughts or brainstorming a little don't require advanced editors with thousands of features. Nextcloud Text is an integrated, collaborative markdown-based text editor and ships as part of Nextcloud 17. Compared to the test version we made available for Nextcloud 16, this version has much improved reliability and introduces plain text editing with syntax highlighting for code.
All the good features are still here, and improved:
simple, efficient interface
any number of collaborators
support for bullets, headers, bold, italics, images and strike-through
sidebar with sharing, comments, versions, video chat and activity
and now: plain text editing with syntax highlighting
Performance, scalability and storage integration: IBM Spectrum Scale, Global Scale and S3.
This release delivers a number of improvements in the area of performance, scalability and storage integration.
Real time document collaboration with Global Scale
This release expands the capabilities of our unique Global Scale architecture to Colabora Online. Global Scale is designed to enable some of our largest customers to run a single Nextcloud instance with tens of millions of users. Collabora Online GS integration allows these users to seamlessly collaborate with each other on office documents.
Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.
For smaller deployments, these changes are also relevant: users can now collaboratively edit documents across private Nextcloud servers!
In collaboration with IBM, Nextcloud 17 introduces IBM Spectrum Scale integration.
IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.
On request of several major research organizations and universities, Nextcloud and IBM developed this integration between IBM's Spectrum Scale and the Nextcloud storage layer. A white paper with more details can be found on the IBM website. An example use case would be when a research institute has a large storage system where research data is written to by scientific tools. Thanks to this integration, this data can be made available real time through Nextcloud and manipulated without the risk of accessing outdated information.
Nextcloud 17 introduces S3 versioning support which allows a Nextcloud server to use the native versioning of S3 rather than its own. This allows a system administrator to manage versions using native S3 tools but, when used with S3 as external storage, also improves compatibility with other applications which access the same data. Nextcloud will then be able to recognize versions created by these other applications, and vice versa.
More responsive web interface and decreased server load
In every release, Nextcloud improves in performance and responsiveness of its user interface. For this release:
We have significantly reduced the number of requests to the server on page loads.
We do more streaming when writing to storage
A new event dispatcher interface does simpler linking and more lazy loading.
An initial state manager makes some pages feel more instant since it saves the initial ajax all to the backend.
This should help decrease server load and improve the snappyness of the web interface.
With this Nextcloud version comes again a release of Nextcloud Talk. Like the previous release, the work for this release was focused on improving the reliability of Talk, but a few new features were integrated as well:
Added a simple Lobby: moderators can join and prepare a call/meeting while users and guests can not join yet
Allow to mention guest users
Added a voice level indicator and notify the user when they speak while they are muted
Today, we also make available releases of our Android, iOS and desktop clients!
There is much more new and improved in this Nextcloud release. For example, we have a systems overview in the admin settings which shows system package versions to help the admin administer their system. The monitoring section received a bit of a redesign. We could keep going, but we rather recommend you try out Nextcloud 17 RC1 and help us make it as stable as possible!
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
The serious security flaws in ownCloud (now owned by Kiteworks) do NOT affect Nextcloud. We have strict security processes in place, and do not ship test data from libraries that can cause security breaches.