Nextcloud removed shares (NC-SA-2019-003): how do I get the list?

Nextcloud tells me:

Due to a security bug we had to remove some of your link shares. Please see the link for more information.

How could I get the list of shares Nextcloud had deleted?

1 Like

Same problem here, but with NC 15.0.8. Just telling people that something has been removed, without telling what exactly was done, is really a nightmare :-(. I have about 80(!) users and have to tell them that some link shares may not exist any longer due to a security bug. Not really professional.

1 Like

Hi all,

Sorry, we should’ve listed what shares have been removed. That would have been more clear.

Sadly, that was quite complicated to show, I believe. In general, though, the case when shares would be removed was very rare; on a small home user or small business instance it would probably usually simply be 0.

Edit: this is the description of the case where this could happen:

(…) only applies to public re-shares of sub folders and files of a group share, and only if meta data was updated on the share after the public link was created by a recipient.

This series of steps has to occur for something bad to happen:

  • User A shares a folder to a group
  • User B, a member of the group, re-shares a file or folder from the shared folder by public link
  • User A sets an expiration date or otherwise changes permissions on the original share
  • The recipient of the public link now gets access to the full share, showing all files of the original group share instead of only the one folder or file which was shared.

Note that:

  • The problem does not occur when first the expiration date is set and then a file is shared by public link, only if the order is the other way around.
  • The problem does not occur on shares to an individual, only on group shares from which subfolders or files are re-shared with a public link.
  • If set, after the expiration date on the original group share is passed, the share is no longer available.
2 Likes
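
The sequence described in the post above, as an added example that is not part of the thread or of Nextcloud's code: a check that flags public links matching the described order of operations. The event records, field names and sample data are constructed assumptions (not a Nextcloud log format), and paths are assumed to be expressed relative to the owner's storage.

```python
from dataclasses import dataclass

@dataclass
class Event:
    t: int            # position in time (constructed values)
    kind: str         # "share", "link" or "update" (hypothetical event names)
    actor: str        # user performing the action
    path: str         # path as seen in the owner's storage (assumption)
    target: str = ""  # "group:<name>" or "user:<name>", only for kind == "share"

def is_sub_item(path, root):
    """True only for files or folders strictly below the shared folder."""
    return path.startswith(root.rstrip("/") + "/")

def links_matching_advisory(events):
    """Return (actor, path) of public links that fit the described sequence:
    group share, then a recipient's public link on a sub-item, then a later
    update (expiration or permissions) of the original group share."""
    events = sorted(events, key=lambda e: e.t)
    flagged = []
    for link in (e for e in events if e.kind == "link"):
        for share in (e for e in events if e.kind == "share"):
            if not share.target.startswith("group:"):
                continue  # shares to an individual are not affected
            if share.t > link.t or share.actor == link.actor:
                continue  # must be a re-share by someone other than the owner
            if not is_sub_item(link.path, share.path):
                continue  # only sub folders and files of the group share
            # Order matters: the update must come after the link was created.
            if any(u.kind == "update" and u.actor == share.actor
                   and u.path == share.path and u.t > link.t for u in events):
                flagged.append((link.actor, link.path))
                break
    return flagged

# Constructed sample events, one case per note in the post.
SAMPLE = [
    Event(1, "share", "alice", "/projects", "group:staff"),
    Event(2, "link", "bob", "/projects/report.pdf"),
    Event(3, "update", "alice", "/projects"),      # update after link: flagged
    Event(4, "share", "alice", "/private", "user:carol"),
    Event(5, "link", "carol", "/private/notes.txt"),
    Event(6, "update", "alice", "/private"),       # individual share: not flagged
    Event(7, "share", "dave", "/team", "group:staff"),
    Event(8, "update", "dave", "/team"),           # update before link
    Event(9, "link", "bob", "/team/plan.odt"),     # not flagged
]

if __name__ == "__main__":
    print(links_matching_advisory(SAMPLE))
```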

Follow-Up question: Why did it take almost 14 days, and 2 pings on Twitter to get an answer that could have been included in the security advisory?

Sorry, the advisory should have included this info. And to the slow response - we’re just busy, a lot of support work lately at the same time with some hardware issues as you might have noticed (as it caused some downtime with our forums, website, download servers etc). We’re still a small company :wink:

1 Like

@jospoortvliet, apology accepted :slight_smile:

Still, how do I figure out which shares got removed?

I did get the same message for my testbench.

Fortunately, as a test bench, I only got a few (52) share links.

I was able to check all of them, and they all work perfectly, even after receiving this message.

1 Like

Still, how do I figure out which shares got removed?

I asked our sysadmins after they ran it on our internal Nextcloud and the answer was “not possible, they got removed…”. Sorry.

“Oh, goodie :P”

Anyway, it’s not a huge issue in my case, as it’s just a private/family instance, but this sounds like potentially causing many many headaches.

Sadly, this is a fucking lie. The core team treats us like flies. It all comes down to displaying an array (yes, that's what the results are stored in).

Right. In fact, that's the main reason why I left NC.

If you cannot undo removal, then screw the whole NC thing… it's shit. Who the hell didn't implement soft-deleting of files…

Huge fuckup in the design stage…

Thanks for the answer, @jospoortvliet. That was helpful; I now know that I had not lost any shares.
Thanks.