Not sure if you did read the text to the tests: They say they will react proactive. So where is the problem? Less unsecure or zombie systems is the better for us all, is better for Nextcloud as platform.
Our customers get proactive help with upgrading and keeping their systems secure. We also warn them in advance when security problems are found. Learn about Nextcloudâs security efforts.
I wish Mozilla Obervatory test would do this too. 90% of all tested Websites are unsecure and violating privacy by default and designâŚ
@BernhardPosselt Why was the rating removed? It shows the vulnerability level but no grade anymore. Is this intentional? It help to make it a bit easier to persuade people without a technical background to do an upgrade.
@jakobssystems Also, if at some point in the future a vulnerability that could be abused over federated shares is discovered, this activity is in the interest of every Nextcloud/Owncloud administrator who allows this feature to be used by his users. What would happen if a federated share from an unpatched installation to a top secured one will screw the latter? I donât like the idea that this could happen at some point.
Any responsible Nextcloud/Owncloud administrator who keeps their systems up to date and implements all necessary hardening recommendations shouldnât be at the mercy of irresponsible fools at all who run something as outdated and unsupported like Owncloud < 9.0 or Nextcloud < 10.
Also, if it was solely a marketing campaign, then they wouldnât even mention newer supported Owncloud releases at all. But rather the opposite is true, if one reads the text on the scanner page carefully:
For Nextcloud, the latest releases are Nextcloud 12.0.0, 11.0.3, 10.0.5. For ownCloud, that would be ownCloud 10.0.1, 9.1.6 or 9.0.10.
Now the scanner is become totally useless. Today I can not scan any nextcloud system. I have ten nextcloud systems and I could scan nine of the since yesterday or tuesday. Today I can not scan a single nextcloud system -.-
i am very new to nextcloud. My Nextcloud is running on a different port and i tried âcloud.domain.de:portâ which did not work.
Then i changed for the security scan the ports to standard https. If i check âcloud.mydomain.de/status,phpâ and i get â{âinstalledâ:true,âmaintenanceâ:false,âneedsDbUpgradeâ:false,âversionâ:â12.0.2.0â,âversionstringâ:â12.0.2â,âeditionâ:â",âproductnameâ:âXYZ-Cloudâ}"
but security scanner say:
âScan failed! The scan for the specified domain failed. Either no Nextcloud or ownCloud can be found there or you tried to scan too many servers.â
Yes. A non-functioning scanner after all the hype around it is more then useless and dangerous for the security reputation of the ownCloud/Nextcloud ecosystem!
It seems the paid people have found other priorities which are naturally coming with paying customers?!
We already got non-Open Source Products with a Nextcloud name and sold by Nextcloud (Outlook Plugin), Desktop Clients for my MAC which are only working with TLS 1.0 (workaround is to use the ownCloud one), many bugs, no major version skip when upgrading (ownCloud has now 9.0.x to 10.0.x upgrades) and an amateurish approach to quality assurance and now this ⌠for me this is promises which brought me to this team not kept âŚ
I just wanted to let you know, that I just saw the Security Scanner working again.
I have a current timestamp for the last scan and see up to date results.