ownCloud v10.4.0 Release Notes

Release Date: 2020-01-10 // 11 days ago
  • The following sections list the changes in ownCloud core 10.4.0 relevant to ownCloud admins and users.

    Summary

    • 🛠 Bugfix - Fix links in setupchecks.js: #36315
    • 🛠 Bugfix - Inform the admin if they enable an enterprise app without valid key: #36351
    • 🛠 Bugfix - Set 599 HTTP code on error: #36413
    • 🛠 Bugfix - Fix "files:transfer-ownership" in S3 multibucket setups: #36464
    • 🛠 Bugfix - Fix Trash-bin api access: #36378
    • 🛠 Bugfix - Files shared with user cause purge of the trashbin content: #36494
    • 🛠 Bugfix - Enhance validation for sender e-mail address for e-mail notifications: #36505
    • 🛠 Bugfix - Suppress warning when resetting user password with masterkey encryption: #36523
    • 🛠 Bugfix - Receive multiple users for user sync command: #36576
    • 🛠 Bugfix - Fix null for empty path on Oracle: #36610
    • 🔄 Change - Validate reshare permissions and attributes based on supershare: #36265
    • 🔄 Change - Drop PHP 7.0 support across the platform: #36290
    • 🔄 Change - Don't report locking support in public.php and public-files endpoints: #36402
    • ⚡️ Change - Update handlebars library to 4.5.3: #36439
    • ⚡️ Change - Update Symfony polyfill components to 1.13.0: #36485
    • ⚡️ Change - Update sabre/http (5.0.2 => 5.0.5): #36490
    • ⚡️ Change - Update doctrine/cache (1.9.1 => 1.10.0): #36503
    • ⚡️ Change - Update Symfony components to 3.4.36: #36503
    • ⚡️ Change - Update punic/punic (3.4.0 => 3.5.0): #36508
    • ⚡️ Change - Update patchwork/utf8 (1.3.1 => 1.3.2): #36552
    • ⚡️ Change - Update league/flysystem (1.0.57 => 1.0.61): #36553
    • ⚡️ Change - Update pear/archive_tar (1.4.8 => 1.4.9): #36554
    • 🔄 Change - Protect public preview with password: #36571
    • 🔄 Change - Consolidate user/group share actions into single dropdown: #36587
    • ⚡️ Change - Update pear/pear_exception (v1.0.0 => v1.0.1): #36599
    • ⚡️ Change - Update myclabs/deep-copy (1.9.3 => 1.9.4): #36599
    • ⚡️ Change - Update phpspec/prophecy (1.9.0 => 1.10.0): #36603
    • ⚡️ Change - Update sabre/vobject (4.2.0 => 4.2.1): #36614
    • ⚡️ Change - Update league/flysystem (1.0.61 => 1.0.62): #36659
    • ⚡️ Change - Update zendframework/zend-validator (2.12.2 => 2.13.0): #36660
    • ⚡️ Change - Update egulias/email-validator (2.1.11 => 2.1.13): #36661
    • ⚡️ Change - Update phpdocumentor/reflection-docblock (4.3.2 => 4.3.4): #36661
    • ⚡️ Change - Update phpspec/prophecy (1.10.0 => 1.10.1): #36661
    • 🔄 Change - Zendframework dependency to laminas: #36677
    • ⚡️ Change - Update league/flysystem (1.0.62 => 1.0.63): #36709
    • 🔄 Change - Switch to new id3parser: #36717
    • ⚡️ Change - Update deepdiver1975/tarstreamer (0.1.1 => 2.0.0): #36722
    • ⚡️ Change - Update egulias/email-validator (2.1.13 => 2.1.14): #36726
    • ⚡️ Change - Update laminas dependencies: #36726
    • 🔄 Change - Validate OCS API Request Header in OCSController: #36762
    • ✨ Enhancement - MariaDb 10.3 support: #29483
    • ✨ Enhancement - PostgreSQL 10 support: #33187
    • Enhancement - Regex version for blacklisted_files and excluded_directories: #36360
    • ✨ Enhancement - Add an option to provide a mount in read only mode: #36397
    • ✨ Enhancement - Add user-sync OCS API: #36428
    • ✨ Enhancement - Support Oracle connection strings: #36489
    • ✨ Enhancement - Add enabled and disabled filter options to occ app:list command: #36520
    • ✨ Enhancement - Share indicator on webUI: #36572
    • ✨ Enhancement - Expiration date for user and group shares: #36573
    • ✨ Enhancement - Allow plus sign in username: #36613

    Details

    • 🛠 Bugfix - Fix links in setupchecks.js: #36315

    Security tips at Settings -> Admin -> General had two broken links to the owncloud docs in the messages performing HTTPS and HSTS checks

    https://github.com/owncloud/core/issues/36238 https://github.com/owncloud/core/pull/36315

    • 🛠 Bugfix - Inform the admin if they enable an enterprise app without valid key: #36351

    Previously no message was displayed but the app was not enabled.

    Now, when the admin tries to enable an enterprise app when the enterprise key is invalid, the message "cannot be enabled because of invalid enterprise key" is displayed.

    https://github.com/owncloud/core/issues/36351 https://github.com/owncloud/core/pull/36399

    • 🛠 Bugfix - Set 599 HTTP code on error: #36413

    Previously, a hard crash, such as DB being down, was being reported with a stacktrace and a 200 HTTP code. In order to homogenize the behaviour with all the endpoints, we've changed the behaviour to return a 599 HTTP code and an empty content.

    In addition, we've included a new option in the config.php, "crashdirectory", which defaults to the "datadirectory" set, where the crash logs will be created. Note that normal errors will still be reported normally and will log into the owncloud.log file.

    https://github.com/owncloud/core/pull/36413

    • 🛠 Bugfix - Fix "files:transfer-ownership" in S3 multibucket setups: #36464

    There were problems using the files:transfer-ownership in setups using files_primary_s3 against S3 storage with multibucket configuration, when some of the transferred files were shared with other people. This PR fixes that problem with the shares while transferring the files, allowing the files:transfer-ownership to finish correctly

    https://github.com/owncloud/core/pull/36464

    • 🛠 Bugfix - Fix Trash-bin api access: #36378

    Trash-bin API had allowed users to see the trash-bin content of other users.

    https://github.com/owncloud/core/issues/36378 https://github.com/owncloud/core/pull/36488

    • 🛠 Bugfix - Files shared with user cause purge of the trashbin content: #36494

    Files_trashbin app counted incoming shares on calculation of the occupied space. It caused purge of the trashbin content when trashbin_retention_obligation is auto, user has quota set and incoming shares exceed 50% of this quota.

    https://github.com/owncloud/core/pull/36494

    • 🛠 Bugfix - Enhance validation for sender e-mail address for e-mail notifications: #36505

    If a user wanted to use the e-mail notification mechanism in order to notify other users when creating public links as well as internal shares, an error was triggered if the e-mail address for this user was not set. The behavior has now been fixed.

    https://github.com/owncloud/core/pull/36505

    • 🛠 Bugfix - Suppress warning when resetting user password with masterkey encryption: #36523

    When an admin wanted to reset user's password over the Users management page with masterkey encryption in place, a warning was displayed about data recovery not being available. The behavior has now been fixed.

    https://github.com/owncloud/core/pull/36523

    • 🛠 Bugfix - Receive multiple users for user sync command: #36576

    Recieve multiple users for user sync command. Previously when multiple users were returned, an exception was thrown and the command was aborted. In this fix we allow multiple users to be returned, and we check for the uid provided by the admin matches with the returned users. And if we find matches of more than one users with same uid, then we throw the exception that was thrown previously. The messages are kept intact.

    https://github.com/owncloud/core/pull/36576

    • 🛠 Bugfix - Fix null for empty path on Oracle: #36610

    An empty path was fetched as null and not as an empty string. Due to the strict comparison it caused the list of mounts for the existing fileId to be empty. So the higher level code relaying on the mounts list got an empty list and did nothing.

    https://github.com/owncloud/core/pull/36610

    • 🔄 Change - Validate reshare permissions and attributes based on supershare: #36265

    This change provides a uniform way that reshare permissions and attributes are internally checked and enforced. There is no change to external behaviour.

    https://github.com/owncloud/core/pull/36265

    • 🔄 Change - Drop PHP 7.0 support across the platform: #36290

    Support for security fixes for PHP 7.0 ended 1 Jan 2019 ownCloud core no longer supports PHP 7.0. Ensure that you are using PHP 7.1 or later.

    https://github.com/owncloud/core/pull/36290 https://www.php.net/supported-versions.php

    • 🔄 Change - Don't report locking support in public.php and public-files endpoints: #36402

    Public endpoints were reporting locking support even though the backend were rejecting those requests. This was causing a problem accessing a publicly shared document using libreoffice opening the file through webdav (libreoffice was complaining about a Forbidden error trying to lock the file)

    With these changes, libreoffice will show a warning while opening the remote file (from a public link) if the file is already locked, letting the user choose what to do. If there is no lock, the file will be opened normally, but it won't be locked.

    Following changes are expected: * LOCK and UNLOCK methods won't be reported as allowed * Lock information (d:lockdiscovery) and support (d:supportedlock) will be shown in the propfind if requested (lock support is needed for libreoffice to try to lock the file) * Trying to lock the file through public link will either throw a Locked exception if there is a lock in place, or MethodNotAllowed if there are no locks (the Locked exception is needed for libreoffice to show a popup warning the user that the file is locked)

    https://github.com/owncloud/core/pull/36402

    • ⚡️ Change - Update handlebars library to 4.5.3: #36439

    The @bower_components/handlebars library has been updated from 4.1.2 to 4.5.3.

    https://github.com/owncloud/core/pull/36439 https://github.com/owncloud/core/pull/36438

    • ⚡️ Change - Update Symfony polyfill components to 1.13.0: #36485

    The following Symfony polyfill components have been updated to version 1.13.0: - polyfill-iconv - polyfill-php72 - polyfill-mbstring - polyfill-intl-idn - polyfill-util - polyfill-php56 - polyfill-ctype

    https://github.com/owncloud/core/pull/36485 https://github.com/symfony/polyfill/releases/tag/v1.13.0

    • ⚡️ Change - Update sabre/http (5.0.2 => 5.0.5): #36490

    Includes functionality to significantly improve file download speed by enabling mmap based stream_copy_to_stream.

    https://github.com/owncloud/core/pull/36490

    • ⚡️ Change - Update doctrine/cache (1.9.1 => 1.10.0): #36503

    https://github.com/owncloud/core/pull/36503

    • ⚡️ Change - Update Symfony components to 3.4.36: #36503

    The following Symfony components have been updated to version 3.4.36: - console - debug - event-dispatcher - polyfill-mbstring - process - translation - routing

    The following Symfony polyfill components have been updated to 1.31.1: - polyfill-util - polyfill-php56 - polyfill-iconv - polyfill-php72 - polyfill-intl-idn - polyfill-ctype

    https://github.com/owncloud/core/pull/36503 https://symfony.com/blog/symfony-3-4-36-released

    • ⚡️ Change - Update punic/punic (3.4.0 => 3.5.0): #36508

    https://github.com/owncloud/core/pull/36508

    • ⚡️ Change - Update patchwork/utf8 (1.3.1 => 1.3.2): #36552

    https://github.com/owncloud/core/pull/36552

    • ⚡️ Change - Update league/flysystem (1.0.57 => 1.0.61): #36553

    https://github.com/owncloud/core/pull/36553

    • ⚡️ Change - Update pear/archive_tar (1.4.8 => 1.4.9): #36554

    https://github.com/owncloud/core/pull/36554

    • 🔄 Change - Protect public preview with password: #36571

    The preview route for password protected shares was accessible without the password.

    https://github.com/owncloud/core/pull/36571

    • 🔄 Change - Consolidate user/group share actions into single dropdown: #36587

    User and group share actions are grouped inside a dropdown which can be toggled via the cogwheel. This dropdown holds all related additional info and actions such as permissions, expiration, etc.

    https://github.com/owncloud/core/pull/36587

    • ⚡️ Change - Update pear/pear_exception (v1.0.0 => v1.0.1): #36599

    https://github.com/owncloud/core/pull/36599

    • ⚡️ Change - Update myclabs/deep-copy (1.9.3 => 1.9.4): #36599

    https://github.com/owncloud/core/pull/36599

    • ⚡️ Change - Update phpspec/prophecy (1.9.0 => 1.10.0): #36603

    https://github.com/owncloud/core/pull/36603

    • ⚡️ Change - Update sabre/vobject (4.2.0 => 4.2.1): #36614

    https://github.com/owncloud/core/pull/36614

    • ⚡️ Change - Update league/flysystem (1.0.61 => 1.0.62): #36659

    https://github.com/owncloud/core/pull/36659

    • ⚡️ Change - Update zendframework/zend-validator (2.12.2 => 2.13.0): #36660

    https://github.com/owncloud/core/pull/36660

    • ⚡️ Change - Update egulias/email-validator (2.1.11 => 2.1.13): #36661

    https://github.com/owncloud/core/pull/36661

    • ⚡️ Change - Update phpdocumentor/reflection-docblock (4.3.2 => 4.3.4): #36661

    https://github.com/owncloud/core/pull/36661

    • ⚡️ Change - Update phpspec/prophecy (1.10.0 => 1.10.1): #36661

    https://github.com/owncloud/core/pull/36661

    • 🔄 Change - Zendframework dependency to laminas: #36677

    Zend framework changed to be known as laminas. The dependencies are updated.

    https://github.com/owncloud/core/pull/36677

    • ⚡️ Change - Update league/flysystem (1.0.62 => 1.0.63): #36709

    https://github.com/owncloud/core/pull/36709

    • 🔄 Change - Switch to new id3parser: #36717

    The previous lukasreschke/id3parser library was archived. Use the new one published as christophwurst/id3parser

    https://github.com/owncloud/core/issues/36717 https://github.com/owncloud/core/pull/36718

    • ⚡️ Change - Update deepdiver1975/tarstreamer (0.1.1 => 2.0.0): #36722

    https://github.com/owncloud/core/pull/36722

    • ⚡️ Change - Update egulias/email-validator (2.1.13 => 2.1.14): #36726

    https://github.com/owncloud/core/issues/36726 https://github.com/owncloud/core/pull/36727

    • ⚡️ Change - Update laminas dependencies: #36726

    Update laminas/laminas-zendframework-bridge (1.0.0 => 1.0.1) Update laminas/laminas-filter (2.9.2 => 2.9.3)

    https://github.com/owncloud/core/issues/36726 https://github.com/owncloud/core/pull/36727

    • 🔄 Change - Validate OCS API Request Header in OCSController: #36762

    Any OCS request has to send the header OCS-APIREQUEST to comply to the specification. This is now properly validated on OCSController based implementations.

    https://github.com/owncloud/core/pull/36762

    • ✨ Enhancement - MariaDb 10.3 support: #29483

    MariaDb 10.3 is now supported

    https://github.com/owncloud/core/issues/29483 https://github.com/owncloud/core/pull/36290

    • ✨ Enhancement - PostgreSQL 10 support: #33187

    PostgreSQL 10 is now supported

    https://github.com/owncloud/core/issues/33187 https://github.com/owncloud/core/pull/36290

    • Enhancement - Regex version for blacklisted_files and excluded_directories: #36360

    Adds two config options blacklisted_files_regex and excluded_directories_regex to enable more flexible pattern matches. With this you can, for example, disable the upload of Microsoft Outlook .pst files or the creation of directories containing _backup.

    https://github.com/owncloud/core/pull/36360

    • ✨ Enhancement - Add an option to provide a mount in read only mode: #36397

    Adds a new option in the mount settings to provide a mount in read only mode. This enables users or admins to provide a write protected mount independent of any backend settings. The sync client automatically respects this mount setting without any additional intervention.

    https://github.com/owncloud/core/pull/36397

    • ✨ Enhancement - Add user-sync OCS API: #36428

    We added a new user sync ocs api to provide an http api for external user provisioning systems to trigger a user-sync for a specific user.

    Authorization: The http API can only be executed by a user with admin privileges. Suggestion is to create a technical user who is in the admin group.

    Route: curl -X POST http://your.domain/ocs/v2.php/cloud/user-sync/admin -v -u admin

    Response: 200 - if sync was executed, 404 - given userId is unknown, 409 - multiple users have been found for the given user id - not unique user criteria

    https://github.com/owncloud/core/pull/36428

    • ✨ Enhancement - Support Oracle connection strings: #36489

    To be able to use Oracle specific configuration settings like fail over support for Oracle connection strings has been added. https://docs.oracle.com/database/121/HABPT/config_fcf.htm#HABPT4967

    https://github.com/owncloud/core/pull/36489

    • ✨ Enhancement - Add enabled and disabled filter options to occ app:list command: #36520

    The occ app:list command now supports the --enabled and --disabled options

    Occ app:list --enabled Displays just the enabled apps.

    Occ app:list --disabled Displays just the disabled apps.

    If a disabled app was enabled in the past, then the previously-enabled version of the app is now displayed in the disabled apps list.

    https://github.com/owncloud/core/pull/36520

    • ✨ Enhancement - Share indicator on webUI: #36572

    The file list in the webUI now shows a share indicator on files and folders that reside inside a shared folder. The sidebar sharing tab reveals a detailed view of the share-tree including share-recipients and the parent folder that has been shared.

    https://github.com/owncloud/core/pull/36572

    • ✨ Enhancement - Expiration date for user and group shares: #36573

    Shares with users and/or groups can now be given an expiration date. If the default expiration date is enabled then the default expiration is 7 days in the future. The default expiration date can be modified by the administrator. The default expiration date can be enforced as the maximum expiration date of a share. In that case the user can select a shorter expiration, but not longer.

    The settings are disabled by default, preserving the existing behavior. They can be enabled on the admin sharing settings page. They can be set independently for user and group shares.

    https://github.com/owncloud/core/pull/36573

    • ✨ Enhancement - Allow plus sign in username: #36613

    The plus sign is now allowed in a username, e.g. John+Smith

    https://github.com/owncloud/core/pull/36613


Previous changes from v10.3.2