Nextcloud Security Scan vs Installed Version mismatch

Hi, could someone please use the security scan with Nextcloud 25.0.5 which is available through internet and report their result?

You must click the button trigger re-scan on the website.
I think you can use also https://cloud.server.tld/status.php

1 Like


Thank you

my vote for the security scanner UX/UI design: maybe 5/10 or 4/10?

Who is interested in a cached state from more than 6 months ago? i would never expect a current scan to show me an ancient scan result :slight_smile:

The security scan could use an update :slight_smile:
Question: Where could I open a github issue for that?

Sorry but i did not read the date and I guess a notification asking for a re-scan BEFORE this page is printed on the screen would help. also the contrast for the re-trigger does not go with any norms other than overpaid UX designers… lessons learned or want to answer more support tickets in the forum? :slight_smile:

Now i have one vulnerability left to reach A+

The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of ‘normal’ same-site cookies.

I tried to debug this for 1 hour now, there are different solutions, I have found my own and share it here:

could you please confirm that nextcloud still has no real good documentation for this or is there some place that is simply not linked to the security scanner result?

Kind regards and Thank YOU

Nobody is interested. There was an issue. Maybe someone can write another issue. Maybe it should just not show values that are more e.g. one month old.

Yes, we get it, you didn’t get how the site works right away, and that’s obviously still bothering you. And yes, the UX is not ideal. Still, no need to get snarky, imho. :wink:

Here you can open an issue, if there is not already one:

I suggest you leave such comments out of your issue, because they may not be so well received… :wink:

The GitHub repo I have linked has been set to “Public archive”, so it’s not possible to open new issues anymore. I couldn’t find a replacement for it with a quick search, so unfortunately I’m not sure where to place your issue… Maybe here?


I think if there is no public issue tracker documented, then nextcloud also starts to be closed source, the nice open source times are over. the community is more a wheel in the release chain for enterprise

I am a snarky human, i am not an AI Language Model to always write the best available that can be done…
i never want to hurt someone, but it is like it is, communication is more difficult than software integration :wink:

I think you can write a new issue. Maybe it will accepted or not.

But it could also be that this link is wrong and that is also part of the problem. Maybe is discussed on another part of