Nextcloud Server Changelog

We recommend you follow our Release Channels to always have the latest and most secure Nextcloud Server version which fits your needs.

• Nextcloud 12
• Nextcloud 11
• Nextcloud 10 (unsupported!)
• Nextcloud 9 (unsupported!)

Version 12.0.0 May 22 2017

Download: nextcloud-12.0.0.tar.bz2 or nextcloud-12.0.0.zip
Check the file integrity with:
MD5: nextcloud-12.0.0.tar.bz2.md5 or nextcloud-12.0.0.zip.md5
SHA256: nextcloud-12.0.0.tar.bz2.sha256 or nextcloud-12.0.0.zip.sha256
SHA512: nextcloud-12.0.0.tar.bz2.sha512 or nextcloud-12.0.0.zip.sha512
PGP (Key): nextcloud-12.0.0.tar.bz2.asc or nextcloud-12.0.0.zip.asc

Changes

Over 1100 changes were merged in the server, with many hundreds more in existing or new apps. The main improvements include:

• Collaboration features
  • push notifications on mobile
  • unique public link shares to multiple users, each with their own settings like read/write rights, password protection and expiration date.
  • videocall app integration with screensharing
  • federated activities
  • writable public share link allowing you to share and collaborate immediately
  • compatibility for user-centric group management with the Circles app
  • social sharing (Twitter, G+, Facebook, Diaspora)
  • XMPP chat improvements (file transfers, chat status notifications, message archive management)
• Security improvements
  • brute force protection for developers
  • rate limiting of certain IP range for developers
  • support of a wide variety of authentication mechanisms
• Administration
  • push notifications via command line
  • new apps (Guest App, Impersonate App, Excludedirs app, Quota Warning App, JSLoader App, Backup App)
• Contacts menu for reaching users easily in your Nextcloud
• Many more smaller changes like the ability to move files through the menu instead of drag and drop in the Files App, and ability to find documents deleted by a recipient in your trashbin

Release announcement with overview about features and changes

See a full list of integrated pull requests here.

Version 11.0.3 April 24 2017

Download: nextcloud-11.0.3.tar.bz2 or nextcloud-11.0.3.zip
Check the file integrity with:
MD5: nextcloud-11.0.3.tar.bz2.md5 or nextcloud-11.0.3.zip.md5
SHA256: nextcloud-11.0.3.tar.bz2.sha256 or nextcloud-11.0.3.zip.sha256
SHA512: nextcloud-11.0.3.tar.bz2.sha512 or nextcloud-11.0.3.zip.sha512
PGP (Key): nextcloud-11.0.3.tar.bz2.asc or nextcloud-11.0.3.zip.asc

Changes

Server

• Use the correct principal for shared addressbooks (server/3608)
• Fix saving backup codes by using a correct data uri (server/3652)
• Update icewind/streams to 0.5.2 (server/3293)
• Fix string comparison and return docs (server/3665)
• Typecast shared mount's storage_id to int as documented + some refactor to avoid similar bugs (server/3658)
• Use a proper date format for transfer ownership (server/3700)
• DAV sharing permissions should not depend on the order (server/3722)
• Add new user agent of windows 10 dav backend (server/3764)
• Add back appstoreenabled config switch (server/3767)
• Call right function after sudo mode (server/3820)
• Dont allow empty wildcard search (server/3842)
• Remove single quotes around search query like in user search (server/3849)
• Fix mimetype detection on public uploads for the workflow engine (server/3765)
• Fix branding and show Nextcloud (server/3969)
• Fix reshare with user activity message (server/3981)
• Create correct VCard and return correct error codes (server/4029)
• Prevent migration from ownCloud 10 to Nextcloud 11 (server/3415)
• Make sure transparency is an integer when saving a calendar (server/4167)
• Make public links work with master key (server/4207)
• Don't try to render the avatars if avatars are disabled (server/4214)
• Reduce error message text (server/4228)
• Don't list on public calendar endpoints (server/4229)
• Fix upload of folders in Chrome (server/4154)
• Make sure blob columns are correctly converted as parameters (server/4233)
• Save the scope of an auth token in the session (server/4225)
• Take share by mail into consideration if we calculate the access list (server/4242)
• Also add the root of external storages to the file id list (server/4237)
• Fix LDAP description (server/4238)
• Remove the double password confirmation on changing cron (server/4236)
• Fix scheduling plugin on legacy caldav endpoint (server/4235)
• Directly fix invalid values of DTEND and DTSTART (server/4234)
• Make JobList::next() lock free (server/4254)
• Don't remove owner property for public calendars (server/4272)
• Add capabilities for share by mail (server/4251)
• Dont use the permissions mask while scanning (server/4278)
• Add missing maintenance plugin to new DAV endpoint (server/4290)
• Fix bug with shared_by for own calendars if shared (server/4301)
• Translation string corrected > 1 user (server/4377)

Activity

• Fix activities for "Files drop" on external storages (activity/118)

User_SAML

• Bump to php-saml 2.10.5 (user_saml/100)

Logreader

• Small screen layout improvements (logreader/2bcd915969386ceb77c7f91dfd5fc19fd3212346
• Fix log filtering (logreader/4095dfc62dcceb3c59a3f581baa5589737d0e6f3)
• Greatly speedup log iteration (logreader/71a4c6849641f821e80d96674c57a69fe7a8aa9e)
• Search more rows (logreader/b9d00b5599ac8a76862895266f1c23096391aad8)
• Stop iterating if we dont have a valid file handle (logreader/a87a8e653ecae5efef6342e645b98f2878219c87)
• Don't return a LogIterator on a broken handle (logreader/39069108f99d463b1cb8bc944f3ef24324b9f43d)
• More robust log iteration (logreader/c0eb04d55bf1dee94ef523dae0e3b0e6afc272a6)
• Use proper iso date format (logreader/13a31181a6d72d084797a71f49f2c5edee8c8dae)
• Automatically try to fix some common escape errors from copy-pasted log entries (logreader/031db2a7f9b9f8cee42acf6eae7d993d31d4660a)
• Fix stack trace parsing of incorrectly escaped logentries (logreader/538667770edfdd48374ef33e9c15498ed98ece60)
• Highlight entries from the same request when clicking on an entry (logreader/2d1ccd0e4cca32220fcbe0b4d79d1cd23f0e73a5)
• Fix copy paste info searchfield (logreader/0e91b2f46649a720feb7c3b6b8266b8657db5574)
• Fix reset search after 0 results (logreader/50bec8ecf7edd81cfb96a35089283c0d879b41f3)
• Allow searching for requestId and user (logreader/7f84e55bb4a1e4086ab0918a6bf58ad3885bbd91)
• Allow searching in url (logreader/7833d97cf85fd351d2f7550d67d21bd0c2a815f4)
• Fix infinite scroll (logreader/cbe874c6c068b9156ad8456edf31d112da40cbc9)
• Dont show loading indicator if we already have entries (logreader/d26a08dc0540126177e8d20c3e243b44c5a399c4)

Gallery

• Fix upload after core changes (gallery/b4ac4429841cfe2b7ea260dfb37fcde25580143c)
• Update JavaScript libraries (gallery/247)

Version 11.0.2 February 27 2017

Download: nextcloud-11.0.2.tar.bz2 or nextcloud-11.0.2.zip
Check the file integrity with:
MD5: nextcloud-11.0.2.tar.bz2.md5 or nextcloud-11.0.2.zip.md5
SHA256: nextcloud-11.0.2.tar.bz2.sha256 or nextcloud-11.0.2.zip.sha256
SHA512: nextcloud-11.0.2.tar.bz2.sha512 or nextcloud-11.0.2.zip.sha512
PGP (Key): nextcloud-11.0.2.tar.bz2.asc or nextcloud-11.0.2.zip.asc

Changes

Server

• Use login name to fix password confirm with ldap users (server/2953)
• Change the row-format before changing the collation (server/3063)
• Generate correct path for owner and use the display name (server/3080)
• Markdown support for app descriptions (server/3117)
• Fix style in comment (server/3143)
• Escape the name for the jquery selector (server/3138)
• Define spreed calls (server/3115)
• LDAP Backend OCS Api (server/3213)
• Fix Sharing app description (server/3397)
• Fix shared-as-busy events for owner (server/3363)
• Use correct theming when returning the defaults (server/3399)
• Filter out sensitive appconfig values (server/3400)
• Add transifex config for sharebymail (server/3423)
• Update the email in the accounts table as well (server/3411)
• Don't log the password on confirmPassword when LDAP throws an exception (server/3414)
• Make sure ownCloud 8.2 activities also can get displayed (server/3412)
• Popovermenu backport (server/3286)
• Set vendor during install (server/3426)
• Make sure the file information is available when sending the email (server/3433)
• Add profile data to provisioning api (server/3259)
• Fix detection of the new iOS app (server/3431)
• Add integration tests for legacy DAV endpoints (server/3445)
• Make sure invalid images don't flood the log file (server/3440)
• Fix printing backup code (server/3510)
• Fix cookie name (nctoken instead of octoken) (server/3511)
• LDAP's checkPassword should only catch when a user was not found (server/3493)
• Return unknown free space from nullstorage (server/3508)
• Fix for address book data lost when any user receiving a share is deleted (server/3499)
• Rename database password toggle (server/3500)
• Popovermenu files css fix (server/3494)
• Add screensharing icon (server/3481)
• Fix misleading wording: searching is affected, not user access (server/3560)
• Backport of Fix Broken UUID Attribute Detection (server/3528)

Activity

• Make sure integer like names are still strings (activity/103)
• Fix activities for public uploads (activity/113)
• Show the parent as target when the file was not renamed (activity/114)
• Fix activities for "Files drop" on external storages (activity/118)

SAML & SSO

• Setup account later (user_saml/79)

Serverinfo

• Fix SQL syntax error on MariaDB 10.0.27 and 10.1.19 (serverinfo/77)
• Don't throw an error when /proc/meminfo is not readable (serverinfo/76)

Survey_Client

• Fix problem when checking size with dash in DB name (survey_client/50)

Version 11.0.1 January 16 2017

Download: nextcloud-11.0.1.tar.bz2 or nextcloud-11.0.1.zip
Check the file integrity with:
MD5: nextcloud-11.0.1.tar.bz2.md5 or nextcloud-11.0.1.zip.md5
SHA256: nextcloud-11.0.1.tar.bz2.sha256 or nextcloud-11.0.1.zip.sha256
SHA512: nextcloud-11.0.1.tar.bz2.sha512 or nextcloud-11.0.1.zip.sha512
PGP (Key): nextcloud-11.0.1.tar.bz2.asc or nextcloud-11.0.1.zip.asc

Changes

Server

• Safari CSPv3 support is sub-par (server/2699)
• Fix legacy DAV endpoint (server/2685)
• Use unmasked permissions in shared scanner (server/2696)
• Do not connect to database before creating it (server/2703)
• Fix todo list activity filter (server/2746)
• Changed anchor in settings page (server/2805)
• Also check in cron for old php version (server/2809)
• Add DAV repair step to fix calendar data (server/2807)
• Only log as info when we can not create a new DB user (server/2750)
• Fix wording for apps mgmt buttons (server/2751)
• Use a form so firefox doesn't try to save the space as a password (server/2804)
• Fix overwriting parameter (server/2825)
• Applied security hardening in SwiftMailer (core/2882)
• Don't set Content-Disposition header if one already exists (server/2949)
• Don't link to the oC forum (server/2988)
• Set redirect_url on 2FA challenge page (server/2981)
• Dont write a certificate bundle if the shipped ca bundle is empty (server/2994)
• Remove group restrictions when those are not allowed anymore (server/2980)

Activity

• Update docs and samples (activity/92)
• Make sure the preview URLs are absolute (activity/91)

User_SAML

• Update SAML library (user_saml/64))
• Make the JS work with sudo mode (user_saml/71))
• Enabled strict mode (user_saml/75))

files_retention

• Delete job if tag not found (files_retention/18)

Also included is a precautionary update for a recent SwiftMailer security issue.

Release blog with more information

Version 11.0.0 December 13 2016

Download: nextcloud-11.0.0.tar.bz2 or nextcloud-11.0.0.zip
Check the file integrity with:
MD5: nextcloud-11.0.0.tar.bz2.md5 or nextcloud-11.0.0.zip.md5
SHA256: nextcloud-11.0.0.tar.bz2.sha256 or nextcloud-11.0.0.zip.sha256
SHA512: nextcloud-11.0.0.tar.bz2.sha512 or nextcloud-11.0.0.zip.sha512
PGP (Key): nextcloud-11.0.0.tar.bz2.asc or nextcloud-11.0.0.zip.asc

Changes

Over 1000 changes were merged, among them:

• Security improvements
  • support for cutting edge browser security features CSP 3.0 and Same-site Cookies
  • support for Kerberos authentication and Two-factor Authentication providers based on Universal 2nd Factor and Time-based One-Time Password
  • expanded brute force protection to all API access points
  • more secure Federation through use of SSL/TLS
  • access rights on app-specific login tokens
  • Our new app store automatically checks apps and enforces signatures
• Scalability and performance improvements
  • Reduce database load up to 80%, speed up small files transfer up to 60%
  • Introduce Multi-bucket support for better scalability on Object Stores
  • Improved preview handling, including no more duplicates for each user
  • Faster Collabora Online startup
  • Faster loading of large folders
• Apache Solr based Full Text Search with Nextant app
• Next gen Federation supports optionally storing info in global 'addressbook' for easy finding of users
• Experimental Spreed app integrates audio/video chat
• Many more smaller changes like 'move file' option in menu, scrollable pdf previews and more

Release announcement with overview about features and changes

See a full list of integrated pull requests here.

Version 10.0.5 April 24 2017

Download: nextcloud-10.0.5.tar.bz2 or nextcloud-10.0.5.zip
Check the file integrity with:
MD5: nextcloud-10.0.5.tar.bz2.md5 or nextcloud-10.0.5.zip.md5
SHA256: nextcloud-10.0.5.tar.bz2.sha256 or nextcloud-10.0.5.zip.sha256
SHA512: nextcloud-10.0.5.tar.bz2.sha512 or nextcloud-10.0.5.zip.sha512
PGP (Key): nextcloud-10.0.5.tar.bz2.asc or nextcloud-10.0.5.zip.asc

Changes

Server

• Fix typo in advertisment footer (server/3664)
• Fix branding and show Nextcloud (server/3970)
• Make sure transparency is an integer when saving a calendar (server/4168)
• Reduce error message text (server/4227)
• Fix LDAP description (server/4239)

User_SAML

• Bump to php-saml 2.10.5 (user_saml/101)

Gallery

• Bump to newest DOMPurify release (gallery/249)

Version 10.0.4 February 27 2017

Download: nextcloud-10.0.4.tar.bz2 or nextcloud-10.0.4.zip
Check the file integrity with:
MD5: nextcloud-10.0.4.tar.bz2.md5 or nextcloud-10.0.4.zip.md5
SHA256: nextcloud-10.0.4.tar.bz2.sha256 or nextcloud-10.0.4.zip.sha256
SHA512: nextcloud-10.0.4.tar.bz2.sha512 or nextcloud-10.0.4.zip.sha512
PGP (Key): nextcloud-10.0.4.tar.bz2.asc or nextcloud-10.0.4.zip.asc

Changes

Server

• Fix Sharing app description (server/3398
• Replace ownCloud with Nextcloud in welcome.txt (server/3404)
• Set vendor during install (server/3427)
• Fix detection of the new iOS app (server/3432)
• Add integration tests for legacy DAV endpoints (server/3446)
• Make sure invalid images don't flood the log file (server/3441)
• Fix misleading wording: searching is affected, not user access (server/3561)

Serverinfo

• Fix SQL syntax error on MariaDB 10.0.27 and 10.1.19 (serverinfo/78)

Survey_Client

• Fix problem when checking size with dash in DB name (survey_client/51)

Version 10.0.3 January 16 2017

Download: nextcloud-10.0.3.tar.bz2 or nextcloud-10.0.3.zip
Check the file integrity with:
MD5: nextcloud-10.0.3.tar.bz2.md5 or nextcloud-10.0.3.zip.md5
SHA256: nextcloud-10.0.3.tar.bz2.sha256 or nextcloud-10.0.3.zip.sha256
SHA512: nextcloud-10.0.3.tar.bz2.sha512 or nextcloud-10.0.3.zip.sha512
PGP (Key): nextcloud-10.0.3.tar.bz2.asc or nextcloud-10.0.3.zip.asc

Changes

Server

• Return ETag and OC-ETag in case of move (server/2462)
• Throw an exception when a shipped app was not replaced before the update (server/2464)
• Use proper ALTER ROLE syntax (server/2591)
• Lower the role name before using it (server/2592)
• Get correct L10N for Settings Manager (server/2667)
• Perform CalDAV and CardDAV tests against old endpoint (server/2684)
• Use unmasked permissions in shared scanner (server/2697)
• Do not connect to database before creating it (server/2702)
• Make sure that header is always positioned at the top (server/2755)
• Also check in cron for old php version (server/2810)
• Fix overwriting parameter (server/2826)
• Don't link to the oC forum (server/2989)
• Applied security hardening in SwiftMailer (core/2884)

User_SAML

• Update SAML library (user_saml/65))
• Enabled strict mode (user_saml/74))

Precautionary update for a recent SwiftMailer security issue.

Release blog with more information

Version 10.0.2 December 9 2016

Download: nextcloud-10.0.2.tar.bz2 or nextcloud-10.0.2.zip
Check the file integrity with:
MD5: nextcloud-10.0.2.tar.bz2.md5 or nextcloud-10.0.2.zip.md5
SHA256: nextcloud-10.0.2.tar.bz2.sha256 or nextcloud-10.0.2.zip.sha256
SHA512: nextcloud-10.0.2.tar.bz2.sha512 or nextcloud-10.0.2.zip.sha512
PGP (Key): nextcloud-10.0.2.tar.bz2.asc or nextcloud-10.0.2.zip.asc

Changes

Some 90 changes were merged, among them:

• fix compatibility with older Firefox versions
• check what PHP version you run before upgrade
• make file system work with some specific settings
• fix small UI glitches
• translation improvements
• and more.

See a full list of integrated pull requests here.

Version 10.0.1 September 28 2016

Download: nextcloud-10.0.1.tar.bz2 or nextcloud-10.0.1.zip
Check the file integrity with:
MD5: nextcloud-10.0.1.tar.bz2.md5 or nextcloud-10.0.1.zip.md5
SHA256: nextcloud-10.0.1.tar.bz2.sha256 or nextcloud-10.0.1.zip.sha256
SHA512: nextcloud-10.0.1.tar.bz2.sha512 or nextcloud-10.0.1.zip.sha512
PGP (Key): nextcloud-10.0.1.tar.bz2.asc or nextcloud-10.0.1.zip.asc

Core

Enhancements

• Password policy is now also applied on user creation (server/1379)
• Add theming information to capabilities for the clients (server/1280)
• Allow space for federated share id search (server/1191)
• DAV: Return data-fingerprint always when asked (server/1176)
• Users page uses lazy multiselect group dropdowns (server/1174)
• Allow the config dir to be specified via environment variable (server/1081)

Bug fixes

• Don\'t print exception message in HTML (server/1343)
• Filter more mimetypes for VCF images (server/1340)
• Make OS X Finder work with WebDAV again (server/1331)
• Only match for Same-Site Cookie instead of all, makes Nextcloud work with OVH again (server/1331)
• Fix setting quota to default or unlimited (server/1327)
• Show download button instaed of the updater (server/1324)
• Fix required permissions for WebDAV move and copy (server/1320)
• Improve detection of file types in file firewall (server/1319)
• Use proper endpoint for updater server (server/1312)
• Correctly remove admin sections and settings when not required (server/1305)
• Move navigation entries without order to the end (server/1299)
• Allow to call status.php before the instance is installed (server/1288)
• Do not allow linebreaks and null bytes in paths (server/1231)
• Fix vendor name in PHP version warning (server/1209)
• Correctly handle multi-values when converting VCards to arrays (server/1207)
• Prevent error with orphaned shares when updating user mount cache (server/1200)
• Check if the file isReadable() before sending a (cached) preview (server/1184)
• Allow downgrades of maintenance accross vendors (server/1183)
• Fix oracle support of external storage app (server/1181)
• Before a user is getting scanned the database connection is reestablished (server/1159)
• Make sure file list files config always exists (server/1157)
• Fix issues with user settings and case-insensitivity (server/1156)
• Prevent parse error on editing an HTML comment (server/1140)
• Remove reading PATH_INFO from server variable (server/1104)
• Correct links to security and setup warnings (server/1074)
• Several files_external user enhancements (server/902)
• Fixed database conversion problem if a CardDAV entry had more than two components (server/1543)
• Folder drag was glitching in Firefox (server/1528)

Updater

Enhancements

• A new updater has been added improving the updater experience (https://github.com/nextcloud/updater)

Files Access Control

Enhancements

• Add link to documentation (files_accesscontrol/38)

Survey Client

Bug fixes

• Fix dismiss "send usage report" notification (survey_client/32)

Server Info

Bug fixes

• Fix size calculation for MariaDB (serverinfo/35)

Gallery

Bug fixes

• Improved error handling (gallery/157 / gallery/156)

Template Editor

Bug fixes

• Fix error message when restoring example template (templateeditor/11)

Trashbin

Bug fixes

• Remove error message for files without preview (server/1397)
• Detect proper mimetype for files (server/1367)

Sharing

Bug fixes

• Notification mails for shares are sent again (server/1394)
• Use original permissions for share owner (server/1391)

Encryption

Enhancements

• Skip shared files if files get decrypted only for a specific user (server/1345)

External User Backend

Bug fixes

• Detect anonymous auth on the server and ignore it (apps/9)

Theming

Enhancements

• Add icon for theming app (server/1294)
• Show loading spinner while uploading files (server/1186)
• Improve performance of the theming app by optimizing images and caching headers (server/1126)

SAML

Enhancements

• Additional configuration switch to use application specific passwords for desktop clients

Version 9.0.58 April 24 2017

Download: nextcloud-9.0.58.tar.bz2 or nextcloud-9.0.58.zip
Check the file integrity with:
MD5: nextcloud-9.0.58.tar.bz2.md5 or nextcloud-9.0.58.zip.md5
SHA256: nextcloud-9.0.58.tar.bz2.sha256 or nextcloud-9.0.58.zip.sha256
SHA512: nextcloud-9.0.58.tar.bz2.sha512 or nextcloud-9.0.58.zip.sha512
PGP (Key): nextcloud-9.0.58.tar.bz2.asc or nextcloud-9.0.58.zip.asc

Changes

Server

• Replace unecessary unescaped prints with print (server/4226)

User_SAML

• Bump to php-saml 2.10.5 (user_saml/102)