Nextcloud version: 28.0.10
Operating system and version: Ubuntu 24.04
PHP version: 8.2
I would like to migrate my current Nextcloud server to a new one with Nextcloud AIO.
My current server is on version 28.0.10 because of the missing update of Two-Factor Email (link). After reading some issues, I figured out how to install NC AIO with 28.0.6 via nextcloud/all-in-one:20240606_075829-latest
But I have to update to 28.0.10 for the migration and stay on it until the app gets an update.
How can I do this?
Is it possible to update the nextcloud-aio-mastercontainer container for new features, but stay on an older NC version if an app compatibility update is missing?
I am on Nextcloud 29 with my productive server and Two-Factor Email works perfectly.
There is no need to stay on an old Nextcloud Version only because of that app.
After the update, simply force the App to be enabled. That will generate an entry in the config/config.php like this:
As you see, I have the twofactor_gateway App (second factor by sms) enabled as well, which is officialy only supported until Nextcloud 25 and even that is still working perfect.
Or you can simply add the above code to your config/config.php .
Thank you for the information, that it’s working after you enabled the app via “untested app”.
But nursoda wrote this (link): Actually, I expect twofactor_email to work unchanged (when manually enabled as “untested app”) as long as there are no real big breaking changes in nextcloud server and its OCA / OCP frameworks. There are however some security concerns with these frameworks that have been addresses. Thus, a rebuild is necessary. That rebuild rendered several other security issues with development dependencies.
Therefore, I would appreciate an update for this app and stay on Nextcloud 28.x.x with the latest patches.
Yes. That is true. It works, without ANY safety concerns!
Of course you can do what you want, but the reasoning is not understandable. The app already supports version 29:
… it just hasn’t been released in the App Store. I’ve looked at the code and I don’t see any reason why this app can’t be used even under Nextcloud 30.
I checked it out and built it. There are no problems or security warnings whatsoever.
It is also the unchanged code of the app that you have installed now. It simply continues to work in the same way. If I understand correctly, it is more security by design that the developer does not like. That is why he started to develop the app from scratch. As he describes, he does not have enough time and does not have a complete overview of all the aspects to finish version 3 of the app. But that does not change the fact that the actual version continues to work just as securely or insecurely as before. At least for version 29. So your argument for wanting to stay on 28 because of THAT app is completely unfounded.
It might be more appropriate to use a more modern second factor provider instead of the old email. No matter how much you change in the app, if you then send the second factor in clear plastic, you don’t have real security. Or do you wait for the app to send the one-time password using PGP encryption? In my opinion, that won’t happen any time soon. Simply because there are now so many much more user-friendly and secure methods.
Thank you for the explanations!
Then I will update the current server to NC 29.x.x and enable the app as an untested app. Then I will migrate to NC AIO.