Nextcloud 17 brings remote wipe, collaborative text editor and next generation secure watermarking

Welcome to Nextcloud 17! This release brings major new improvements, especially around security and team collaboration. You can go get the update or read on to find out what is new!

And much more, including:

• 🔐 Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins
• 📧 Secure mailbox in Outlook Add-in
• 👥 LDAP write support makes it possible to manage users from Nextcloud
• 💽 S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online

note that we roll out new versions incrementally and usually wait a few weeks before we do so. This helps us catch any problems before it impacts too many users! If you wait for the updater to notify you, it can take some weeks. If you don’t want to wait, you can switch to the Beta channel, refresh the page, update to 17, and switch back!

Remote wipe

A major new feature in Nextcloud 17 is remote wipe. While many companies have Mobile Device Management, thanks to built-in support, remote wipe will work on systems not under management of the company. This is useful for home users but also large universities and of course in a scenario where guest accounts were handed to a third party. If you permit downloading of documents by the third party, you can wipe the documents from their devices when the the collaboration has ended.

Remote wipe can be used on a per-device basis by users and on a per-user base by the administrator.

Remote wipe as a user, per device

Remote wipe as admin, per user

Nextcloud Text

There are many moments when a light-weight, distraction-free text editor is the perfect solution for the task. Note taking, writing down thoughts or brainstorming a little don’t require advanced editors with thousands of features. Nextcloud Text is an integrated, collaborative markdown-based text editor and ships as part of Nextcloud 17. Compared to the test version we made available for Nextcloud 16, this version has much improved reliability and introduces plain text editing with syntax highlighting for code.

Learn how Nextcloud Text and Talk facilitate collaboration in this video.

Nextcloud text in short:

• Markdown-based
• Simple, efficient interface
• Any number of collaborators
• Support for bullets, headers, bold, italics, images and strike-through
• Sidebar with sharing, comments, versions, video chat and activity
• Plain text editing with syntax highlighting for many supported file formats

Learn more in our earlier announcement.

Secure view and watermarks for documents

Last December, Nextcloud 15 introduced the Hide Download menu option. Since then this feature was used to provide secure view functionality in Collabora Online and ONLYOFFICE. With Nextcloud 17, our secure view feature was expanded with admin settings for watermarked text to enforce watermarks on:

• public shares: option for all/read-only shares/hide download/tagged with (select a tag, for workflow integration)
• internal shares: option for all/read-only/no reshare/tagged with (select a tag, for workflow integration)

Note that the full range of options requires Collabora Online 4.1. For older versions only the ‚all‘ option works. ONLYOFFICE supports all these new capabilities as of today.

With secure view, our online office solutions can be configured to open PDF files, images and text files, making these files available in a watermark-protected way, while downloads and other apps are disabled using File Access Control. This setup is useful when data has to be protected from leaking but still has to be made available for review, like in a virtual data room scenario.

Watch a video of watermarking and our new secure mailbox below!

Configuring Secure View in Collabora

Setting a ‚confidential‘ tag

Secure view watermarked file

Secure mailbox for Outlook

The Outlook Add-in introduces the secure mailbox feature. This feature protects the contents (body) of email from interception by providing the recipient with a notification that a new email was received. The recipient then has to log in on their (guest) account to access the email and its attachments.

In combination with the READ.me app, the body of the email is shown on top of the file attachments. Each email is a folder, linked to in the email notification.

Watch our secure mailbox in action in the last minute of the video below.

Writing an email

Attaching files, enabling Secure Mailbox

Email as it will be sent to recipient

Recipient view in Secure Mailbox in Nextcloud

The example above sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

You might be familiar with this feature from banks, insurance, realtors and other organizations dealing with sensitive data. Protecting the content from emails from leaking is very hard and with the Secure Mailbox for Outlook feature, Nextcloud offers an integrated solution.

Two-factor authentication improvements

Two-factor authentication is very important to protect the security of Nextcloud accounts. Administrators can enforce the use of two-factor authentication and offer a number of options to users.

Nextcloud 17 introduces:

• Ability for users to setup 2FA after the first login it was enabled or enforced
• New Administrator settings:
  • Administrator can create one-time-login tokens for users who forgot or broke their second factor solution
  • Administrator can delegate the ability to create one-time-login tokens to group administrators

Nextcloud offers the following ’second factor‘ options, any number of which can be enabled by the system administrator and used to validate the login of a user:

• Time-based One-Time Password (TOTP, including Google Authenticator or similar apps
• Universal 2nd Factor hardware tokens (U2F, like Yubikeys or Nitrokeys, also supports NFC)
• Gateways: SMS, secure messaging apps Telegram, Signal and more
• Notification (just click to approve login on an existing device like a phone)
• User backup code (user has to generate these in advance and store them in a safe location)
• Administrator backup code (creating those can be delegated to group admins)

Active user sessions can be invalidated through a list, by removing the user in the admin settings or by changing passwords. Users can manage their own sessions and devices. Remote wipe is available from that same screen.

2FA enforcement settings, enforcing for guest users

2FA setup on first login

one-time login token creation

Security hardenings

Security is very important to Nextcloud users, and thus a core focus for the Nextcloud team. Every release comes with many improvements, and this is no different. These include:

• A new feature policy header
• Stricter CSP
• Suspicious login improvements

At the Nextcloud Conference, Nextcloud GmbH also announced a doubling of its security bug bounties to USD 10.000. This means an even larger incentive for security experts to find and responsibly report security problems to Nextcloud’s capable and responsive security team.

If you want to learn more about security in Nextcloud, we strongly recommend to read about the various layers of encryption in Nextcloud and how Nextcloud can save your business from ransomware attacks.

Performance, scalability and storage integration: IBM Spectrum Scale, Global Scale and S3.

This release delivers a number of improvements in the area of performance, scalability and storage integration.

Real time document collaboration with Global Scale

This release expands the capabilities of our unique Global Scale architecture to Collabora Online. Global Scale is designed to enable some of our largest customers to run a single Nextcloud instance with tens of millions of users. Collabora Online GS integration allows these users to seamlessly collaborate with each other on office documents.

Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.

For smaller deployments, these changes are also relevant: users can now collaboratively edit documents across private Nextcloud servers!

See the Collabora/Nextcloud announcement of Global Scale integration here.

IBM Spectrum Scale integration

In collaboration with IBM, Nextcloud 17 introduces IBM Spectrum Scale integration.

IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

On request of several major research organizations and universities, Nextcloud and IBM developed this integration between IBM’s Spectrum Scale and the Nextcloud storage layer. A white paper with more details can be found on the IBM website. An example use case would be when a research institute has a large storage system where research data is written to by scientific tools. Thanks to this integration, this data can be made available real time through Nextcloud and manipulated without the risk of accessing outdated information.

See the announcement of the Nextcloud and IBM collaboration here.

S3 versioning integration

Nextcloud 17 introduces S3 versioning support which allows a Nextcloud server to use the native versioning of S3 rather than its own. This allows a system administrator to manage versions using native S3 tools but, when used with S3 as external storage, also improves compatibility with other applications which access the same data. Nextcloud will then be able to recognize versions created by these other applications, and vice versa.

More responsive web interface and decreased server load

In every release, Nextcloud improves in performance and responsiveness of its user interface. For this release:

• We have significantly reduced the number of requests to the server on page loads
• We do more streaming when writing to storage
• A new event dispatcher interface does simpler linking and more lazy loading
• An initial state manager makes some pages feel more instant since it saves the initial ajax call to the backend

This should help decrease server load and improve the snappiness of the web interface.

Nextcloud Talk

With this Nextcloud version comes again a release of Nextcloud Talk. This release delivers the following improvements:

• 🛎 Lobby for webinars
• 🔗 Chats and calls on public shares
• 👤 Guest mentions
• 💬 Improved chat loading
• 🎙 Added a voice level indicator and notify the user when they speak while they are muted
• ➕ And much more!

Client releases!

We also recently made available releases of our Android, iOS and desktop clients!

• Fresh from the conference: Nextcloud Desktop client 2.6.0RC1 with new Login Flow, second test version of Virtual Drive (this release is now final and can be downloaded)
• Fresh from the conference: Nextcloud Android client 3.8 with U2F, TLS 1.3, remote wipe and more
• Fresh from the conference: Nextcloud iOS client release introduces new share view, dark mode, better performance

Note that the Android client will have FIDO2 support, which was developed in collaboration with Nitrokey and Cotech. Learn more in the blog by Cotech!

Even more

There is much more new and improved in this Nextcloud release. For example, we have a systems overview in the admin settings which shows system package versions to help the admin administer their system. Our monitoring view was overhauled and looks much nicer. Much work was also done in the area of usability and performance. Best check it out for yourself!

See our separate announcement about building virtual data rooms with Nextcloud 17 here.

We talked about Nextcloud 17 at the Nextcloud Conference. Other big news from the event included:

• Nextcloud GmbH doubles hackerOne Security Bug Bounties
• New Nextcloud developer program: work with us!
• Nextcloud 18: Flow makes it easy to automate actions and workflows