Due to a security issue in our ownCloud Server container, we had to change how the ownCloud Server setting for trusted domains is handled.
Background:
While in the past the container automatically set the trusted domain based on the HTTP_X_FORWARDED_HOST
or SERVER_NAME
request header, this behavior has changed, and the trusted domains now need to be set explicitly via the OWNCLOUD_TRUSTED_DOMAINS
environment variable. It is also possible to set multiple values with a comma separated list.
What to do:
For container deployments, it’s required to add the external domain of the ownCloud instance to OWNCLOUD_TRUSTED_DOMAINS
, for example OWNCLOUD_TRUSTED_DOMAINS=mycloud.example.com
. If there are still error messages like You are accessing the server from an untrusted domain
in the web UI, please check the trusted domains setting again.
Affected container tags:
All container tags <= 10.11.x
are affected, but we have applied the fix only to tags >= 10.10.x
. Other container tags keep the old behavior, but we recommend upgrading to at least 10.10.x
.
For more details, see the advisory.