ownCloud Server 10.13.1 released: Critical security fixes included

Please find below the changes and known issues in ownCloud Server 10.13.1 that need your attention. You can also read the full ownCloud Server changelog for further details on what has changed.

Critical Security Updates - Upgrade As Soon As Possible

This release and the updated apps below include critical security fixes which require your immediate attention. Please upgrade as soon as possible.

Open in Web Improvements

The “Open in Web” feature for direct editing of office documents now properly works on iOS and Desktop clients with Collabora. #40958

Avoid Loading 3rd-party Resources

The “Open in Web” configuration offers icons to be shown in the clients. This is e.g. used by the iOS 12.0.3 client. We now ship the icons embedded in core. #40953

Notable Changes

  • Fix: disallow pre-signed url access if the signing key is not initialized. #40962
  • New code was added to dismiss invalid settings of the redirection endpoint URI as seen in the OAuth2 protocol, according to RFC#7636. oauth2#359

Updated App Versions

Find below a list of updated apps in comparison with the 10.13.0 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Known Issues

  • A cron job related to cleaning up left over thumbnails was not properly enabled in the past (PreviewCleanupJob). In 10.13.0 the code was fixed, and the job started running. However, in certain cases with an exceptionally high number of potential cleanups, this job can now take up a substantial amount of database resources. We propose to temporarily disable the offending job until we have a fix (in 10.13.2 or 10.14).

For more details, such as other notable changes, please read the full Release Notes :: ownCloud Documentation and our Server Changelog - ownCloud.

Download is available from Download Server Packages - ownCloud