After upgrade to Hub 7 (28.0.4) get issues of security

  • Version Nextcloud Hub 7 (28.0.4)
  • Ubuntu 22.04
  • Apache 2.4 + Mod PHP
  • PHP 8.1.27
occ integrity:check-core
    - core/js/mimetypelist.js:
      - expected: 550ab566d30693bfa24ec4b15d9df87731ae8a3be8f79dabf94757e5b8b20eec6e4b678f17af1718297f2872f6b04519eeb024d1dff11947f29da431c7f11201
      - current: 301654cbbe168b8723530db88fd2e40ad688f4e6b0bdaeade5b4fe34bd94d9d3cfe760821e97dc792e585d4b6ccff838597bfd46466bb07d30ff84df4cb79518
    - core/img/filetypes/drawio.svg:
      - expected:
      - current: 92e0974cf869bf8ab969c3442dc2b80d55fde36441d22924db74916a06b407520aa2a9dc39336f9157195ebede697ffac0e639360879255ab91932d406e1897d
    - core/img/filetypes/dwb.svg:
      - expected:
      - current: 43731dd5f17a048112ea5109b40b02ec019b3ee2324385a0f448e3bd2264cb13dc160ab018d893f92f8e2f168fd09009b51578c8c6b97a02a1617c67ac087701

Apreciate help.

See Is there a command line to update to specific versions of Nextcloud? - #24 by SysKeeper and feel free to report to the apps repo :slight_smile:

How did you upgrade? If you do the manual upgrade, make sure to remove all the old code files first (not copy and replace the directory). (don’t delete the data folder and/or config folder).
Anyway, do a full backup before!

I see the exact same error as @abkrim under Ubuntu 22.04 with php8.1.

I started the update via WebUI updater and then finished things by running:

sudo -u www-data php /usr/share/nextcloud/occ upgrade
sudo -u www-data php /usr/share/nextcloud/occ maintenance:mode --off

as usual inside a terminal.

I upgraded twice today.
My initial version was 27.1.4. I upgraded this one to 27.1.8 and from there directly to 28.0.4.

I downloaded the Nextcloud releases 28.0.4 and 27.1.8.
The file mimetypelist.js inside the has the sha512 hash 550ab566d30693bfa24ec4b15d9df87731ae8a3be8f79dabf94757e5b8b20eec6e4b678f17af1718297f2872f6b04519eeb024d1dff11947f29da431c7f11201
the one inside 27.1.8 has

so it is not a leftover from the old installation.

The diff from 28.0.4 to the one under /usr/share/nextcloud/core/js/mimetypelist.js looks as follows:

--- /tmp/nextcloud-28.0.4/core/js/mimetypelist.js        2024-03-28 07:54:44.000000000 +0100
+++ mimetypelist.js     2024-03-29 13:35:30.964386786 +0100
@@ -13,6 +13,7 @@
     "application/font-sfnt": "font",
     "application/font-woff": "font",
     "application/gpx+xml": "location",
+    "application/gzip": "package/x-generic",
     "application/illustrator": "image",
     "application/javascript": "text/code",
     "application/json": "text/code",
@@ -80,7 +81,7 @@
     "application/x-fictionbook+xml": "text",
     "application/x-font": "font",
     "application/x-gimp": "image",
-    "application/x-gzip": "package/x-generic",
+    "application/x-gzip": "application/gzip",
     "application/x-iwork-keynote-sffkey": "x-office/presentation",
     "application/x-iwork-numbers-sffnumbers": "x-office/spreadsheet",
     "application/x-iwork-pages-sffpages": "x-office/document",
@@ -120,6 +121,8 @@
+    "drawio",
+    "dwb",

So how did the file get changed?

Upgrade from web. Web download package. After. run occ upgrade.

It seems like the issue is being caused by the app:

1 Like