Important changes to ownCloud Server container deployments

Due to a security issue in our ownCloud Server container, we had to change how the ownCloud Server setting for trusted domains is handled.

Background:

While in the past the container automatically set the trusted domain based on the HTTP_X_FORWARDED_HOST or SERVER_NAME request header, this behavior has changed, and the trusted domains now need to be set explicitly via the OWNCLOUD_TRUSTED_DOMAINS environment variable. It is also possible to set multiple values with a comma separated list.

What to do:

For container deployments, it’s required to add the external domain of the ownCloud instance to OWNCLOUD_TRUSTED_DOMAINS, for example OWNCLOUD_TRUSTED_DOMAINS=mycloud.example.com. If there are still error messages like You are accessing the server from an untrusted domain in the web UI, please check the trusted domains setting again.

Affected container tags:

All container tags <= 10.11.x are affected, but we have applied the fix only to tags >= 10.10.x. Other container tags keep the old behavior, but we recommend upgrading to at least 10.10.x.

For more details, see the advisory.

1 Like

Related topics:

1 Like