Welcome to 2017! Our new year resolution: continue to provide you the safest, most secure way to protect your data!
Today Nextcloud makes available updates for Nextcloud 9, 10 and 11 with a number of bug fixes and a precautionary update for the SwiftMailer vulnerability discovered recently. We recommend to update at your earliest convenience. Read on to find out what has changed.
Fixes
Nextcloud 11.0.1 introduces about two dozen fixes dealing with Safari’s lack of decent CSPv3 support, a fix for LDAP issues, the Calendar/Contact DAV endpoint and more. About a dozen is relevant for 10.0.3, making updates more reliable and fixing some translation and visual issues.
This library in question is also used by Nextcloud and we’ve immediately begun analyzing the vulnerability as well as it’s exploitation path. After extensive analysis by members of our security team we believe that a standard Nextcloud server installation is not affected by this specific vulnerability. However, as we include the library in our public programming API third-party app authors may call the library in an exploitable way.
Security Matters
Nextcloud takes security very seriously and protecting user data is of utmost importance to us. We want to state again, that this is purely a security pre-caution and based on our research this seems like a non-exploitable issue in a default Nextcloud server installation. However, as we didn’t want to take even any slightly theoretical chance of exploitation we’ve decided to err on the side of caution to protect our users.
Nextcloud employs dedicated security personnel, is subject to regular penetration testing, static and dynamic analysis and offers bug bounties up to $5,000 for critical security vulnerabilities.
We made available the updates for Nextcloud 9, 10 and 11 on our download server and via the updater. If you are on the latest version you will receive an update notification. Due to staged roll-outs the update notification does not come at once for all users. You can expect to be notified at the latest by the end of next week. Users on Nextcloud 10 or 11 can bypass the waiting period by setting their release channel to ‘beta’ to immediately receive Nextcloud 11.0.1.
We recommend to update at your earliest convenience. Get the latest Nextcloud 11 from our download page and earlier releases from the changelog page.
We updated Nextcloud server releasing updates for Hub 4, 6, and 7. With current update, Hub 4 reaches its end of life. We recommend you to update your Nextcloud, as it is always a quick and safe process.
We are excited to announce SpaceNet as a new sponsor of the Nextcloud Enterprise Day, a leading provider offering tailored Nextcloud hosting solutions that ensure robust security, efficiency, and data sovereignty.
We're thrilled to reveal T-Systems, part of Deutsche Telekom and a prominent global IT service provider, as the latest sponsor of Nextcloud Enterprise Day. Join us on April 24, 2024, in Munich, Germany, for this pivotal event.
Salviamo alcuni cookie per contare i visitatori e rendere il sito più facile da usare. Questi dati non lasciano il nostro server e non servono a tracciare il tuo profilo personale! Per maggiori informazioni, consulta la nostra Informativa sulla privacy. Personalizza
I cookie statistici raccolgono informazioni in forma anonima e ci aiutano a capire come i visitatori utilizzano il nostro sito web. Utilizziamo Matomo on-premises
Matomo
_pk_ses*: Conta la prima visita dell'utente
_pk_id*: Aiuta a non contare due volte le visite.