Final releases of 33.0.3 and 32.0.9

Final releases of 33.0.3 and 32.0.9 are now available!

Download

• Release 33.0.3 on GitHub

• Release 32.0.9 on GitHub

Changelogs

33.0.3

server

• Fix: show configuration options for external storage backends (server#58696)
• Fix(sharing): Align userid config key in UserPlugin with Manager (server#58989)
• Fix(oauth2): Do not store the code in throttle metadata (server#59155)
• Fix(ICalendar): allow to search for event URI (server#59161)
• Authoritative share - revival (server#59177)
• Feat(settings): Log AI config changes to audit log (server#59221)
• Perf(preview): bulk process preview regeneration (server#59234)
• Fix: Fix user in Tags class, do not depend upon session (server#59236)
• Fix(chunkedUploads): Ensure max parallel count is at least 1 (server#59302)
• Fix: use unjailed source path when moving jailed files (server#59310)
• Fix: cache validation of system keys (server#59314)
• Fix(weather_status): add all missing met.no symbol codes to weatherOptions (server#59346)
• Fix: manually set modified time to SFTP files after editing (server#59351)
• Fix(filesDrop): drag-and-drop folder upload (server#59368)
• Chore: Remove incorrect resource typing in ILDAPProvider (server#59381)
• Fix(zip): Fix warning when downloading Zip file (server#59383)
• Fix: update email button text to ‘Open shared item’ (server#59396)
• Fix(files_external): properly set default values for backend options (server#59397)
• Fix(settings): Don’t register invalid routes (server#59399)
• Fix(lib): templates core path detection (server#59401)
• Docs(webhook_listeners): adapt codeowners (server#59404)
• Fix(file-search): use default limit to search query if not provided on request body (server#59409)
• Fix: duplicate dashboard widget (server#59412)
• Fix(user_ldap): fix lastLogin reading wrong appid and configkey (server#59421)
• Feat(talk): Allow to create conversations that are meetings (server#59479)
• Fix(zip): suppress sabre/dav response only if stream was actually sent (server#59482)
• Fix(systemtags): only render inline list of tags if there are some (server#59488)
• Fix(settings): hide list of webauthn devices if empty (server#59491)
• Fix(dashboard): remove status list if there are none (server#59492)
• Fix(files): properly handle dropped files on subfolders (server#59510)
• Fix(trashbin): keep cache and db consistent (server#59512)
• Fix(updater): Make “maintenance mode kept active” more obvious (server#59524)
• Build(deps): bump phpseclib/phpseclib from 2.0.47 to 2.0.52 (server#59528)
• Fix(settings): do not show admin section container if empty (server#59534)
• Fix: profile page on small screens (server#59538)
• Fix(sharing): show common confirmation on password reset (server#59545)
• Fix(workflowengine): remove non existing script loading (server#59547)
• Only mask the permissions for the users home directory for public shares (server#59552)
• Build(deps): bump aws/aws-sdk-php to 3.376 (server#59559)
• Docs(workflowengine): Remove reference of removed method (server#59568)
• Fix(user_ldap): Do not require credentials in wizard (server#59570)
• Fix(testing): Fix fake provider reverting strings with emojis (server#59571)
• Test: Add integration test to confirm a user can not add themselves t… (server#59604)
• Fix(apppasswords): Require password also on delete and update (server#59608)
• Fix(sharing): Don’t give a reason when share from disabled user is no… (server#59612)
• Fix(notifications): Require absolute links for support of desktop and mobile clients (server#59615)
• Chore: update haze to 2.2.1 (server#59622)
• Feat(user_ldap): Add config for partial search prefix wildcard use (server#59634)
• Test(integration): Add integration test for accept share (server#59638)
• Fix(Util): `getScripts` also need to reorder core translations (server#59643)
• Perf: don’t fetch child mounts when getting node parent (server#59645)
• Fix: fix LazyUserFolder::getMountPoint (server#59655)
• Fix(files): remove error message when closing the “Open locally” dialog (server#59657)
• Feat(recent-files): allow configuring image grouping (server#59667)
• Fix(files): add missing table header for actions column (server#59674)
• Restore missing apps on upgrade (server#59686)
• Build(deps): bump phpseclib/phpseclib to 2.0.53 (server#59688)
• Fix(DB): Ignore intentionally missing fs_storage_path_prefix index on PostgreSQL (server#59725)
• Fix(federation): Also sign requests with NCU providers (server#59726)
• Fix(ocm): Correctly track OCM requests (server#59727)
• Fix(profile): normalize profile visibility (server#59734)
• Fix(files): only disable template creation when both skeleton directories are empty (server#59749)
• Fix app name not translated in the title of public pages (server#59756)
• Test(integration): add tests for calendar delegation (server#59763)
• Fix(oauth2): Add missing urlencode for failure redirection (server#59772)
• Fix: Reduce the mixups between apptokens and session ids (server#59775)
• Fix: Add missing PasswordConfirmationRequired attributes (server#59789)
• Hide share token if share has more permissions than the current user (server#59793)
• Avoid undefined array key sharing request (server#59834)
• Chore: Improve SVG handling in link previews (server#59836)
• Fix(ImipService): Refactor `IMipService` to improve performance (server#59847)
• Fix(dav): unify content disposition header escaping (server#59852)
• Fix(dav): do not list intermediate files (server#59854)
• Mounts index swap path root 33 (server#59855)
• Fix(files): do not show convert-file action in view-only shares (server#59865)
• Feat(files_external): convert to delegated settings (server#59870)
• Wrap oauth2 token rotation in a transaction (server#59879)
• Fix(webhook-listeners): hour lifetime of tokens (server#59882)
• Fix(files_sharing): Restore password guard return for new public shares (server#59892)
• Fix: use proper index when deleting mounts (server#59897)
• Fix(teams-api): adjust resource filtering (server#59927)
• Fix(files): keep reactivity when destructure store (server#59957)
• Fix: add ACLs for calender delegation (server#59964)

3rdparty

• Build(deps): bump aws/aws-sdk-php to 3.376 (3rdparty#2370)
• Build(deps): bump phpseclib/phpseclib to 2.0.53 (3rdparty#2384)

activity

• Feat: add download counter to activity sidebar (activity#2511)

app_api

• Fix(occ): preserve ExApp deploy options on update (#808) (app_api#841)
• Fix(proxy): commit on first matching route by path and verb (app_api#851)

circles

• Fix: secondary owncloud custom group admin permissions not migrated (circles#2427)
• Fix(mail): send internal link (circles#2442)
• Fix: update shares handling (circles#2456)
• Fix(shared-with-list): adjust resource filtering (circles#2467)

files_pdfviewer

• Fix handling of “enableScripting” data attribute (files_pdfviewer#1398)
• Allow PDF Forms calculations (files_pdfviewer#1409)

notifications

• Fix(mail): Only render links when they are absolute urls (notifications#2932)
• Fix(push): Limit user output (notifications#2934)
• Test: Adjust performance baseline (notifications#2957)

password_policy

• Fix: Check cookie logged in event (password_policy#933)
• Chore: Bump psalm version (password_policy#934)

photos

• Fix: do not show error on non accepted TOS (photos#3481)

survey_client

• Master] Update nextcloud/ocp dependency (survey_client#397)
• Ci(workflows): Update workflows and add couple of new standard ones (survey_client#400)

suspicious_login

• Ci: fix profile workflow undefined server checkout ref (suspicious_login#1103)

text

• Fix(editorApi): use onMentionSearch callback if provided (text#8422)
• Fix(checklist): don’t cross out checked list items (text#8424)
• Optimize cleanup job (text#8443)
• Fix(menubar): lower z-index: on top of document content, but below modals (text#8471)
• Fix(files): don’t offer “folder description” in file drop folders (text#8474)
• Fix(deps): bump phpunit and php-cs-fixer (text#8494)
• Fix: always validate share token if provided (text#8500)

updater

• Fix: verify integrity with URL override but allow to disable if needed (updater#724)
• Fix: broken upgrade via --url flag (updater#744)
• Feat(signature): allow to provide custom signature (updater#748)

viewer

• Fix: Try fixing too late handler registration for file actions (viewer#3129)
• Refactor: use new `@nextcloud/dialogs` functions (viewer#3148)
• Fix(ImageEditor): urldecode source name (viewer#3161)

32.0.9

server

• Fix: generate favourite icon without imagick svg support (server#58224)
• Fix(sharing): do not notify remote if owner and sharee are local users (server#58720)
• Feat: Add memcache_customprefix (server#58812)
• Fix federated reshares (server#58900)
• Fix(oauth2): Do not store the code in throttle metadata (server#59154)
• Fix: Fix user in Tags class, do not depend upon session (server#59237)
• Fix(chunkedUploads): Ensure max parallel count is at least 1 (server#59301)
• Fix: use unjailed source path when moving jailed files (server#59309)
• Fix: cache validation of system keys (server#59315)
• Fix(weather_status): add all missing met.no symbol codes to weatherOptions (server#59347)
• Fix(filesDrop): drag-and-drop folder upload (server#59367)
• Fix(zip): Fix warning when downloading Zip file (server#59384)
• Fix: update email button text to ‘Open shared item’ (server#59395)
• Fix(lib): templates core path detection (server#59400)
• Docs(webhook_listeners): adapt codeowners (server#59405)
• Fix(file-search): use default limit to search query if not provided on request body (server#59408)
• Fix(settings): do not show admin section container if empty (server#59428)
• Feat(talk): Allow to create conversations that are meetings (server#59478)
• Fix(theming): Fix favicon and touchicon ratios (server#59480)
• Chore: Remove incorrect resource typing in ILDAPProvider (server#59485)
• Fix(settings): hide list of webauthn devices if empty (server#59490)
• Fix(files): properly handle dropped files on subfolders (server#59509)
• Fix(trashbin): keep cache and db consistent (server#59513)
• Fix(updater): Make “maintenance mode kept active” more obvious (server#59523)
• Build(deps): bump phpseclib/phpseclib from 2.0.47 to 2.0.52 (server#59527)
• Only mask the permissions for the users home directory for public shares (server#59553)
• Build(deps): bump aws/aws-sdk-php to 3.376 (server#59560)
• Docs(workflowengine): Remove reference of removed method (server#59567)
• Test: Add integration test to confirm a user can not add themselves t… (server#59603)
• Fix(apppasswords): Require password also on delete and update (server#59607)
• Fix(sharing): Don’t give a reason when share from disabled user is no… (server#59611)
• Fix(notifications): Require absolute links for support of desktop and mobile clients (server#59614)
• Feat(settings): Log AI config changes to audit log (server#59620)
• Chore: update haze to 2.2.1 (server#59621)
• Test(integration): Add integration test for accept share (server#59637)
• Fix(Util): `getScripts` also need to reorder core translations (server#59641)
• Fix(files_external): ignore unsatisfied optional dependencies (server#59642)
• Perf: don’t fetch child mounts when getting node parent (server#59644)
• Fix(files): remove error message when closing the “Open locally” dialog (server#59658)
• Feat(recent-files): allow configuring image grouping (server#59666)
• Fix(files): add missing table header for actions column (server#59675)
• Restore missing apps on upgrade (server#59685)
• Build(deps): bump phpseclib/phpseclib to 2.0.53 (server#59689)
• Fix(DB): Ignore intentionally missing fs_storage_path_prefix index on PostgreSQL (server#59724)
• Fix(profile): normalize profile visibility (server#59733)
• Fix app name not translated in the title of public pages (server#59755)
• Test(integration): add tests for calendar delegation (server#59762)
• Fix(oauth2): Add missing urlencode for failure redirection (server#59771)
• Fix: Reduce the mixups between apptokens and session ids (server#59774)
• Fix: Add missing PasswordConfirmationRequired attributes (server#59788)
• Hide share token if share has more permissions than the current user (server#59794)
• Fix(s3): ignore prefixes with repeating delimiters (server#59828)
• Avoid undefined array key sharing request (server#59833)
• Chore: Improve SVG handling in link previews (server#59837)
• Fix(ImipService): Refactor `IMipService` to improve performance (server#59846)
• Fix(dav): unify content disposition header escaping (server#59851)
• Fix(dav): do not list intermediate files (server#59853)
• Fix(files): do not show convert-file action in view-only shares (server#59872)
• Wrap oauth2 token rotation in a transaction (server#59878)
• Fix(files_sharing): Restore password guard return for new public shares (server#59895)
• Fix(teams-api): adjust resource filtering (server#59926)
• Fix: add ACLs for calender delegation (server#59963)

3rdparty

• Build(deps): bump aws/aws-sdk-php to 3.376 (3rdparty#2371)
• Build(deps): bump phpseclib/phpseclib to 2.0.53 (3rdparty#2385)

activity

• Fix: only write activites for actual public uploads (activity#2459)

app_api

• Fix(occ): preserve ExApp deploy options on update (#808) (app_api#842)
• Fix(proxy): commit on first matching route by path and verb (app_api#852)

circles

• Fix(mail): send internal link (circles#2441)
• Fix: update shares handling (circles#2455)
• Fix(shared-with-list): adjust resource filtering (circles#2466)

files_pdfviewer

• Fix handling of “enableScripting” data attribute (files_pdfviewer#1397)
• Allow PDF Forms calculations (files_pdfviewer#1410)

notifications

• Fix(mail): Only render links when they are absolute urls (notifications#2931)
• Fix(push): Limit user output (notifications#2933)

password_policy

• Fix: Check cookie logged in event (password_policy#932)

photos

• Fix: do not show error on non accepted TOS (photos#3482)

survey_client

• Master] Update nextcloud/ocp dependency (survey_client#396)
• Ci(workflows): Update workflows and add couple of new standard ones (survey_client#398)

text

• Fix(checklist): don’t cross out checked list items (text#8425)
• Optimize cleanup job (text#8444)
• Fix(menubar): lower z-index: on top of document content, but below modals (text#8470)
• Fix(deps): bump phpunit and php-cs-fixer (text#8495)
• Fix: always validate share token if provided (text#8501)

updater

• Fix: verify integrity with URL override but allow to disable if needed (updater#725)
• Fix: broken upgrade via --url flag (updater#743)
• Feat(signature): allow to provide custom signature (updater#747)

viewer

• Fix: Try fixing too late handler registration for file actions (viewer#3130)
• Fix(ImageEditor): urldecode source name (viewer#3160)

Hi,

I noticed that the releases have been published, but weirdly 32.0.9 is not available yet via updater (occ update:check or updater/updater.phar) on some systems (We’re on 32.0.3).

I updated to 32.0.8 first, but now the updater detects 33.0.2 as the next available version…

Is the rollout done in waves somehow?

I tried switching release channels (enterprise, stable, beta) and cleaned-up the cache but the new security releases don’t seem to be available still.

@adf-patrickha crossposting for Security releases 32.0.9 and 33.0.3 not available on all systems yet

pls don’t do that. especially not on categories where only bots post, usually.
thanks