This update for nextcloud fixes the following issues:
Update to 20.0.12
Fix boo#1190291:
- CVE-2021-32766 (CWE-209): Generation of Error Message Containing Sensitive Information
- CVE-2021-32800 (CWE-306): Missing Authentication for Critical Function
- CVE-2021-32801 (CWE-532): Insertion of Sensitive Information into Log File
- CVE-2021-32802 (CWE-829): Inclusion of Functionality from Untrusted Control Sphere
Changes
- Bump vue-router from 3.4.3 to 3.4.9 (server#27224)
- Bump v-click-outside from 3.1.1 to 3.1.2 (server#27232)
- Bump url-search-params-polyfill from 8.1.0 to 8.1.1 (server#27236)
- Bump debounce from 1.2.0 to 1.2.1 (server#27646)
- Bump vue and vue-template-compiler (server#27701)
- Design fixes to app-settings button (server#27745)
- Reset checksum when writing files to object store (server#27754)
- Run s3 tests again (server#27804)
- Fix in locking cache check (server#27829)
- Bump dompurify from 2.2.8 to 2.2.9 (server#27836)
- Make search popup usable on mobile, too (server#27858)
- Cache images on browser (server#27863)
- Fix dark theme on public link shares (server#27895)
- Make user status usable on mobile (server#27897)
- Do not escape display name in dashboard welcome text (server#27913)
- Bump moment-timezone from 0.5.31 to 0.5.33 (server#27924)
- Fix newfileMenu on public page (server#27941)
- Fix svg icons disapearing in app navigation when text overflows (server#27955)
- Bump bootstrap from 4.5.2 to 4.5.3 (server#27965)
- Show registered breadcrumb detail views in breadcrumb menu (server#27970)
- Fix regression in file sidebar (server#27976)
- Bump exports-loader from 1.1.0 to 1.1.1 (server#27984)
- Bump @nextcloud/capabilities from 1.0.2 to 1.0.4 (server#27985)
- Bump @nextcloud/vue-dashboard from 1.0.0 to 1.0.1 (server#27988)
- Improve notcreatable permissions hint (server#28006)
- Update CRL due to revoked twofactor_nextcloud_notification.crt (server#28018)
- Bump sass-loader from 10.0.2 to 10.0.5 (server#28032)
- Increase...