Hi all,
Iām having some trouble with the wordpress page for our changelog, and as our web dev is on vacation this week, I decided to post the changelogs here for now 
You can get the new releases on nextcloud.com/install or our download servers directly. Iāll publish our usual blog in a minute!
As always - please update! It not only fixes small functional issues but we always do security hardenings and fixes and to keep your server safe you should stay up to date.
Why and when to update?
We typically release the security advisories (details on the security issues we fixed) about 2 weeks after the release. Once the advisories are out, you can read them to determine if perhaps somebody has abused one of the issues described therein. If thereās anything relevant or big, of course, many issues are minor improvements that might be hard or impossible to abuse, and we donāt have issues with every release. But sometimes there are, and you have to keep in mind that the ābad peopleā can also use those advisories to then look how they can hack servers that arenāt yet updated. That is why we give you the two week periodā¦ Please use it to update your server!
EDIT: blog out: https://nextcloud.com/blog/updates-25-0-4-and-24-0-10-are-out-get-it/
Here is the changelog for 25.0.4:
- Fix array to string conversion in errorlog writer (server#35821)
- Use mimetype from cache for workflow checks (server#35842)
- Update psalm-baseline.xml (server#35954)
- Fix: show toggle grid view button with open sidebar (server#36032)
- Replace custom tooltips with native one in vue components and views (server#36044)
- Remove js navigation on alternative login click (server#36076)
- Replace custom tooltips with native ones in apps page (server#36082)
- Replace custom tooltips with native ones in users page (server#36084)
- Escape path prefix when doing cache jail search (server#36099)
- IMigrationStep progress bar fix (server#36102)
- Limit key names when uploading theme images (server#36103)
- Fix inability to re-enter share password after invalid input (server#36106)
- Differentiate share links (server#36129)
- Add always visible share label (server#36134)
- Focus trap contacts menu with NcHeaderMenu port (server#36142)
- Catch Exceptions when loading storage data of users (server#36155)
- Extend ViewOnly DAV plugin to versions endpoint (server#36164)
- Ext storage configs default value support + enable SSL by default (server#36165)
- Improve exception serializing (server#36167)
- Improve saving applicable users in ext storage (server#36174)
- Improve password generation for link shares (server#36179)
- Only expose storage location to admins (server#36180)
- Revert āAdd alt to the logo, adapt css for logoā (server#36193)
- Fix/35886 replace custom tooltips with native one for personal and administration settings stable25 (server#36197)
- Fix login loop if login CSRF fails and user is not logged in (server#36208)
- Fix(search): Fix settings section icon color (server#36226)
- Fix(dav): catch MaxInstancesExceededException for recurring events without end date (server#36230)
- Port global search menu to focus trapped NcHeaderMenu (server#36236)
- Allow interaction with encrypted folders (server#36238)
- Disable unreliable acceptance tests (server#36240)
- Fix github action āperformance-8.0ā when PR is from a fork. (server#36243)
- Specify the profiler app branch to test with (server#36246)
- Docs: document types flag for search options (server#36255)
- Fix(theming): fix admin images migration (server#36272)
- Remove Bootstrap version reference from tooltip.scss (server#36273)
- Fix(occ): Fix comment formatting of maintenance:repair command (server#36274)
- L10n: Fixed grammar (server#36283)
- Fix interned strings buffer check if 0 free bytes (server#36292)
- Fix double where in CustomProperiesBackendTest (server#36294)
- Add success message to personal settings clipboard button (server#36296)
- Fix user status message input (server#36297)
- Fix WHERE condition when selecting userās availability for the statusā¦ (server#36308)
- [Fix]: scan-app-data conversion (server#36311)]([stable25] [Fix]: scan-app-data conversion by backportbot-nextcloud[bot] Ā· Pull Request #36311 Ā· nextcloud/server Ā· GitHub)
- Fix double where() usage in resource manager (server#36317)
- Bump @nextcloud/vue to v7.5.0 (server#36322)
- Fix default value for files_no_background_scan (server#36335)
- Port files sharing selector (server#36339)
- Donāt translate a variable (server#36344)
- Imaginary - add tiff to supported formats (server#36364)
- Fix moving files of encrypted local storage to unencrypted local storage (server#36374)
- Fix(dav): check if principal has email address before accessing it (server#36387)
- Fix admin-disabled background and user pristine theming settings (server#36394)
- Fix focus not returning to search icon (server#36398)
- Do not store generated mysql password if it was not used (server#36400)
- Fix(caldav): Fix wrong Psalm report for nullable calendar data (server#36412)
- Allow keyup enter in user status (server#36415)
- Fix the exif_read_data issue (server#36439)
- Fix(encryption): donāt throw on missing file (server#36442)
- Fix MigrateBackgroundImages on oracle (server#36456)
- Add a safeguard for Version23000Date20210721100600.php (server#36466)
- Non-static app_dir (server#36476)
- Do not reuse query builder objects in DAV account deletion (server#36490)
- Drop vue-clipboard2 in favour of native Clipboard API to fix copy to clipboard (server#36507)
- Do not open the sidebar automatically on small widths (server#36514)
- Chore(CI): Opt-out of PHPUnit 10 for now (server#36518)
- Perf(federation): Only request root share info for checking availability (server#36557)
- Add bruteforce protection to password reset page (server#36573)
- Revert #34908 to allow 32bit setups to upgrade to 26 (server#36593)
- Port profile visibility select (server#36595)
- Update psalm-baseline.xml (server#36597)
- Imaginary - fix generation of heif, pdf, illustrator and svg thumbnails (server#36602)
- Prevent scrolling hover .files-controls (server#36614)
- Restore copy button text on directory fetch error (server#36615)
- Fix compilation of Vue 2.7 features (server#36624)
- Revert āupdate 64-bit check wordingā (server#36631)
- Also copy meta data when converting DataResponse to JSONReā¦ (server#36702)
- Validate the scope when validating operations (server#36815)
- Update nextcloud/ocp dependency (activity#1053)
- Replace custom tooltips with native tooltips (activity#1055)
- Update nextcloud/ocp dependency (activity#1067)
- Show full date after headings like āTodayā as a hidden-visually span (activity#1070)
- Create an unordered list for the list of activities (activity#1078)
- Bump @nextcloud/router from 2.0.0 to 2.0.1 (files_pdfviewer#706)
- Update nextcloud/ocp dependency (firstrunwizard#807)
- Update nextcloud/ocp dependency (firstrunwizard#820)
- Update nextcloud/ocp dependency (nextcloud_announcements#157)
- Bugfix/noid/close header menu (notifications#1417)
- Update nextcloud/ocp dependency (notifications#1438)
- Replace custom tooltips with native ones. (notifications#1439)
- Remove focus border when not keyboard focused (notifications#1449)
- Update title when changing sections in navigation (photos#1515)
- Make face covers smaller (photos#1552)
- Fix renaming faces: Do not delete existing face when renaming (photos#1581)
- Fix upload of pictures into album (photos#1603)
- Fix sharing with group (photos#1605)
- Listen to NodeDeletedEvent to remove photos from albums (photos#1607)
- Fix FaceContent: Fix viewer path (photos#1608)
- Correctly listen to group change events (photos#1612)
- Fix(tags performance): Cache tag counts on server and load them using initial state (photos#1620)
- Fix viewer in public albums (photos#1630)
- Fix(FetchFacesMixin): Decode entities in file.realpath (photos#1646)
- Replace custom tooltips with native ones (privacy#849)
- Improve related resourcesā title (related_resources#163)
- Update nextcloud/ocp dependency (serverinfo#408)
- Fix(deps): update dependency markdown-it-image-figures to ^2.1.1 (text#3648)
- Update nextcloud/ocp dependency (text#3651)
- Fix(deps): update dependency path-normalize to ^6.0.10 (text#3655)
- Chore(deps): update dependency @nextcloud/eslint-config to ^8.2.0 (text#3661)
- Fix(deps): update dependency @nextcloud/logger to ^2.5.0 (text#3662)
- Fix(deps): update dependency @nextcloud/vue to ^7.5.0 (text#3664)
- Fix(deps): update tiptap (text#3675)
- Chore(deps): update dependency jest-environment-jsdom to ^29.4.0 (text#3699)
- Chore(deps): update dependency jest-environment-jsdom to ^29.4.1 (text#3702)
- Fix bug when session not found (text#3705)
- Chore(deps): update dependency @vue/test-utils to ^1.3.4 (text#3708)
- Update nextcloud/ocp dependency (text#3721)
- Fix background color of tables (text#3734)
- Chore(deps): update dependency @cypress/webpack-preprocessor to ^5.16.2 (text#3743)
- Chore(deps): update dependency @nextcloud/eslint-config to ^8.2.1 (text#3744)
- Fix(deps): update dependency vue-material-design-icons to ^5.2.0 (text#3755)
- Fix: transations in status message (text#3767)
- Fix(Polling): Perform computations in milliseconds (text#3773)
- Fix: empty code blocks (text#3780)
- Chore(deps): update dependency @cypress/webpack-preprocessor to ^5.16.3 (text#3782)
- Chore(deps): update dependency jest-environment-jsdom to ^29.4.2 (text#3783)
- Catch error if no user is logged in (viewer#1527)
- Enable app specific preview URL (viewer#1536)
And here is the changelog of 24.0.10:
- Fix array to string conversion in errorlog writer (server#35824)
- Fix parameter type for EntityCollection::setReadMarker in comments app (server#35837)
- Use mimetype from cache for workflow checks (server#35843)
- Compare lowercase email when updating from ldap (server#35946)
- Update psalm-baseline.xml (server#35976)
- Escape path prefix when doing cache jail search (server#36100)
- Limit key names when uploading theme images (server#36104)
- Fix inability to re-enter share password after invalid input (server#36107)
- Catch Exceptions when loading storage data of users (server#36156)
- Improve exception serializing (server#36168)
- Ext storage configs default value support + enable SSL by default (server#36175)
- Improve password generation for link shares (server#36181)
- Fix interned strings buffer check if 0 free bytes (server#36293)
- Fix double where in CustomProperiesBackendTest (server#36295)
- Extend ViewOnly DAV plugin to versions endpoint (server#36299)
- Only expose storage location to admins (server#36306)
- Fix double where() usage in resource manager (server#36318)
- [Fix]: scan-app-data conversion (server#36325)]([stable24] [Fix]: scan-app-data conversion by backportbot-nextcloud[bot] Ā· Pull Request #36325 Ā· nextcloud/server Ā· GitHub)
- Fix default value for files_no_background_scan (server#36336)
- Donāt translate a variable (server#36345)
- Imaginary - add tiff to supported formats (server#36365)
- Fix moving files of encrypted local storage to unencrypted local storage (server#36376)
- Fix(dav): check if principal has email address before accessing it (server#36386)
- Do not store generated mysql password if it was not used (server#36401)
- Fix(caldav): Fix wrong Psalm report for nullable calendar data (server#36413)
- Fix(encryption): donāt throw on missing file (server#36441)
- Add a safeguard for Version23000Date20210721100600.php (server#36467)
- Fix icon of encrypted folders in filepicker (server#36472)
- Do not reuse query builder objects in DAV account deletion (server#36491)
- Skip failing avatar test with PHP 8.0 (server#36500)
- Chore(CI): Opt-out of PHPUnit 10 for now (server#36519)
- Perf(federation): Only request root share info for checking availability (server#36558)
- Fallback to root if the picker folder doesnāt exists (server#36563)
- Add bruteforce protection to password reset page (server#36574)
- Update psalm-baseline.xml (server#36596)
- Restore copy button text on directory fetch error (server#36616)
- Also copy meta data when converting DataResponse to JSONReā¦ (server#36703)
- Validate the scope when validating operations (server#36816)
- Groupfolder+acl (activity#1030)
- Update nextcloud/ocp dependency (activity#1069)
- Update nextcloud/ocp dependency (nextcloud_announcements#156)
- Update nextcloud/ocp dependency (notifications#1436)
- Chore(CI): Print the query log (notifications#1451)
- Bump @vue/test-utils from 1.3.3 to 1.3.4 (photos#1618)
- Update nextcloud/ocp dependency (serverinfo#406)
- Update nextcloud/ocp dependency (text#3649)
- Fix(deps): update tiptap (text#3676)
- Chore(deps): update dependency eslint-plugin-jsdoc to ^39.6.8 (text#3693)
- Chore(deps): update dependency @vue/test-utils to ^1.3.4 (text#3710)
- Chore(deps): update dependency eslint-plugin-jsdoc to ^39.6.9 (text#3711)
- Fix(deps): update dependency core-js to ^3.27.2 (text#3712)
- Chore(deps): update dependency eslint-plugin-jsdoc to ^39.6.10 (text#3716)
- Chore(deps): update dependency eslint-plugin-jsdoc to ^39.7.0 (text#3717)
- Update nextcloud/ocp dependency (text#3722)
- Chore(deps): update dependency eslint-plugin-jsdoc to ^39.7.4 (text#3723)
- Chore(deps): update dependency @cypress/webpack-preprocessor to ^5.16.2 (text#3756)
- Chore(deps): update dependency eslint-plugin-jsdoc to ^39.8.0 (text#3758)
- Fix(deps): update dependency vue-material-design-icons to ^5.2.0 (text#3759)
- Fix(Polling): Perform computations in milliseconds (text#3774)
- Chore(deps): update dependency @cypress/webpack-preprocessor to ^5.16.3 (text#3784)
