ownCloud Server 10.13 released: Enforcable 2-Factor-Authentication and "Open in Web" from Mobile apps

We are happy to announce the immediate release of ownCloud Server 10.13 with many new features requested by our customers and the community. Among them, most important is the new enforcement of Two-Factor Authentification (2FA) via Time-based One-Time Passwords (TOTP) – a feature many need to comply with security policies.
We continue to recommend as a first choice a central identity management solution implementing Open ID Connect (OIDC) with which you can enforce any type of authentication, including passwordless authentication.

Additionally we have focused on Kerberos Authentication for our Enterprise customers.

While a complete list of changes can be found in the ownCloud Server changelog and more details in the ownCloud Release Notes :: ownCloud

New Highlights:

Enforce Two-Factor Authentication

If Two-Factor Authentication is enforced, all users will be required to use an app capable of 2FA. At least one such app is necessary for this feature, otherwise no enforcement will be done. Admins can define special groups that may be excluded from 2FA: Their group members can bypass Two-Factor authentication. #40830

Kerberos Authentication

Enterprise customers now benefit from owncloud 10.13’s Kerberos support both for login and via delegation in the Windows Network Drive app. For the user, this means less logins, less password entries and a much more efficient workflow: There’s additional single-sign-on options and no need to save usernames and passwords of LDAP users in order to access SMB/CIFS shares in your on-premises environment.

This enhancement will already be available in the next version of the WND app (for our enterprise customers) and an additional Kerberos login app will soon be available in our marketplace. To implement this, we recommend our consulting services. Please contact sales@owncloud.com for an offer.

Implement App Registry (Open in Web)

By using a new option Open in... in the iOS (version 12.0.3+) or Desktop client (version 4.0+) it is now possible to directly open a file in the Office Suite being installed on the ownCloud server. (#40843) This is a great feature further enhancing and extending our office integrations to the mobile apps!

Additional Features and important Fixes:

Added occ Command to Remove Obsolete Storages

Metadata coming from any storage are kept in ownCloud’s database. Previously, when a storage was removed from ownCloud, its metadata remained. The new occ command allows removing these obsolete metadata, reducing both the amount of space used by the DB as well as improving the performance (there’s simply less entries). (#40779)

Update Symfony from 4.4.* to 5.4.*

The Symfony PHP framework has been updated to LTS major version 5.4. This also affected a number of apps which required a new release and have been now included in the complete bundle.

Setup of User Key Encryption no longer available

User key encryption has been deprecated in ownCloud core versions later than 10.7. That’s why we removed the command line interface and web UI components that enabled user key encryption. If you are operating an ownCloud installation with user key encryption enabled, please get in contact with support@owncloud.com to plan a migration to master key encryption. (encryption#389)

User Key Encryption Is No Longer Auto-Enabled

Executing the occ command encryption:encrypt-all will no longer auto-enable user key encryption. (#40702)

Add Commands to Handle Trusted Servers from the Command Line

New occ commands have been added to handle the trusted servers for federation from the command line. These commands will allow the admin to add, list and remove trusted servers. (#40796)

Skip share_folder for Guest Users

When the config.php option share_folder was set, guest users could not longer see their received shares. We now skip the config.php option share_folder for guest users and default to root. (#40864)

Minimum search length will be applied for all shares

Remote shares will have the same restrictions as user and group shares. In order for a remote user to show up as a participant in a share (a “sharee”), the search term length must be longer than the minimum configured otherwise only exact matches will be shown. (#40885)

Clean up Storage and Database After Failed File Uploads

All remaining items of failed uploads will now be removed from storage and database. (#40892)

Setting Open Mode in the Checksum Wrapper

The checksum wrapper causes issues when uploading files to some external storages via the desktop client. We are using additional wrappers and the mode wasn’t being detected correctly in some cases. Only if the correct mode was set in the checksum wrapper, ownCloud could decide whether to discard the final checksum or not. Doing so could cause a checksum mismatch. Now the open mode in the checksum wrapper is set explicitly. (#40832)

Align to New accounts.google.com Authorization URI

Core 10.12.1 brought an update of the google/apiclient from version 2.12.6 to 2.13.1. However, in version 2.13.0 the accounts.google.com authorization URI has been updated. This change broke old code that uses the method setApprovalPrompt('force') instead of the newer setPrompt('consent'), as this endpoint does not support the legacy approval prompt parameter. This has been now fixed. (#40783)

Automatically Disable Online Updater for Enterprise

Online updater is not recommended for Enterprise installations and is now automatically disabled in such cases. (#40841)

Rely on Server to Sort the User List

Previously, the user list was sorted in the browser. This was causing confusion because the sorting happened without taking into account all the items, so there were some weird effects. There is no sorting in the browser now. The server is expected to return the list of users already sorted, so the browser just needs to show the list. #40840

Remove the add group button from the dropdowns in the users page

The add group button has been removed from the dropdowns because the behavior was confusing. You can still create new groups in the users page by using the add group button in the top left corner of the users page. The dropdowns will only select existing groups, but they won’t add new groups. #40770

Important: Internet Explorer 11 Deprecation Note

Internet Explorer 11 support will be dropped in the next server release.

Default Minimum Supported Desktop Client Version

To ensure clean and reliable operation of the ownCloud platform it is important to stay up-to-date with the latest releases of the server as well as the clients. To take care of compatibility between the server and desktop clients, the minimum version the server will accept connections from has been raised to version 3.2.1.

While it’s recommended to keep up with later versions, this is the new default value. #40876

Updated App Versions

Find below a list of updated apps in comparison with the 10.12.2 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

ownCloud 10.13 also includes a security fix. All known issues from server 10.12.x have been fixed. Currently there are no known issues with ownCloud Server 10.13.

Downloads are available at Download Server Packages - ownCloud


This has the unfortunate effect of eliminating Debian arm64 clients whose most recent pre-built distribution binaries are stuck at Anyone using the Linux environment on an ARM Chromebook is impacted by this change.

This is intended as a purely informational report and should not be mistaken for a complaint.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.