This update for nextcloud fixes the following issues:
nextcloud was updated to 20.0.11:
- Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied
- Fix boo#1188248 - CVE-2021-32679: filenames where not escaped by default in controllers using DownloadResponse
- Fix boo#1188249 - CVE-2021-32680: share expiration date wasn't properly logged
- Fix boo#1188250 - CVE-2021-32688: lacking permission check with application specific tokens
- Fix boo#1188251 - CVE-2021-32703: lack of ratelimiting on the shareinfo endpoint
- Fix boo#1188252 - CVE-2021-32705: lack of ratelimiting on the public DAV endpoint
- Fix boo#1188253 - CVE-2021-32725: default share permissions were not being respected for federated reshares of files and folders
- Fix boo#1188254 - CVE-2021-32726: webauthn tokens were not deleted after a user has been deleted
- Fix boo#1188255 - CVE-2021-32734: possible full path disclosure on shared files
- Fix boo#1188256 - CVE-2021-32741: lack of ratelimiting on the public share link mount endpoint
- Bump handlebars from 4.7.6 to 4.7.7 (server#26900)
- Bump lodash from 4.17.20 to 4.17.21 (server#26909)
- Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920)
- Don't break OCC if an app is breaking in it's Application class (server#26954)
- Add bruteforce protection to the shareinfo endpoint (server#26956)
- Ignore readonly flag for directories (server#26965)
- Throttle MountPublicLinkController when share is not found (server#26971)
- Respect default share permissions for federated reshares (server#27001)
- Harden apptoken check (server#27014)
- Use parent wrapper to properly handle moves on the same source/target storage (server#27016)
- Fix error when using CORS with no auth credentials (server#27027)
- Fix return value of getStorageInfo when 'quota_include_external_storage' is enabled (server#27108)
- Bump patch dependencies (server#27183)
- Use noreply@ as email address for share emails (server#27209)
- Bump p-queue from 6.6.1 to 6.6.2...