This update for nextcloud fixes the following issues:
Update to 20.0.14
Security issues fixed:
- CVE-2021-41179: Fix boo#1192028 - (CWE-304): Two-Factor Authentication not enforced for pages marked as public
- CVE-2021-41178: Fix boo#1192030 - (CWE-434): File Traversal affecting SVG files on Nextcloud Server
- CVE-2021-41177: Fix boo#1192031 - (CWE-799): Rate-limits not working on instances without configured memory cache backend
Changes:
- Add command to repair broken filesystem trees (server#26630)
- Ensure that user and group IDs in LDAP's tables are also max 64chars (server#28971)
- Change output format of Psalm to Github (server#29048)
- File-upload: Correctly handle error responses for HTTP2 (server#29069)
- Allow 'TwoFactor Nextcloud Notifications' to pull the state of the 2F… (server#29072)
- Add a few sensitive config keys (server#29085)
- Fix path of file_get_contents (server#29095)
- Update the certificate bundle (server#29098)
- Keep pw based auth tokens valid when pw-less login happens (server#29131)
- Properly handle folder deletion on external s3 storage (server#29158)
- Tokens without password should not trigger changed password invalidation (server#29166)
- Don't further setup disabled users when logging in with apache (server#29167)
- Add 'supported'-label to all supported apps (server#29181)
- 21] generate a better optimized query for path prefix search filters (server#29192)
- Keep group restrictions when reenabling apps after an update (server#29198)
- Add proper message to created share not found (server#29205)
- Add documentation for files_no_background_scan (server#29219)
- Don't setup the filesystem to check for a favicon we don't use anyway (server#29223)
- Fix background scan doc in config (server#29253)
- Get
filesize() if file_exists() (server#29290)
- Fix unable to login errors due to file system not being initialized (server#29291)
- Update 3rdparty ref (server#29297)
- Bump icewind/streams from 0.7.3 to 0.7.5 in...