Sorry to bother you but i have something strange going on. I have just checked my Nextcloud and it is showing that an update to 18.03 is available on the stable channel.
The official website is still at 18.0.2. But I can manually edit the URL address to 18.0.3 and download 18.0.3. I’m worried that Changelog is still not updating. Is there a sense of urgency to this update?
I appreciate all the time you invest here, however, please also understand that people don’t like to simply assume anything and love to have detailed information.
As Nextcloud always advertises: you want to have your personal data and files as secure as possible. So careful admins don’t simply hit the update button and install any package which isn’t announced.
I followed all the links so far and tried to understand, what exactly made this update so urgent, but still I don’t understand it.
All I read so far is: “It’s better to have that fix”. But why? What can happen if not?
While we link from here to Github and from Github to this forum here back and forth, why not explain the issue at some place and link to that place?
So what I’m asking for is simply: please take the people’s concerns serious. We all are just human
Some a bit more scared than others and some don’t understand every issue instantly
Usually when a company releases a security update but refuses to say what it patches means it’s a serious exploit/vulnerability that can be exploited by anyone.
@kesselb It’s not unheard of for a project’s infrastructure to be compromised and malicious updates posted.
Not seeing documentation in the usual channels raises suspicion that something like this may have occurred. Most of us are used to the release appearing on github and the update server only notifying after a week or so. This release was the other way around and so surprising.
Especially so for an important security update, I would expect to see some notification somewhere with accompanying CVE if applicable.