Production channel not updating 14.0.x

I’m currently running Nextcloud 14.0.4 on Debian 8 with Apache2 running Production Update Channel

I’ve seen that 14.0.6 is out and I like to make sure my instance is up to date with the latest patch/rev level in the major release. Somehow, I missed getting notified that 14.0.5 was available and I would like to use the web updater to get to 14.0.6.

The Updater claims that “Your version is up to date.” with the “i” informing me that it checked recently.

In the description below, it states:

“production will always provide the latest patch level, but not update to the next major release immediately. That update usually happens with the second minor release (x.0.2).”

This is clearly not the case. If it is not offering me to go to 15 (which I’m hesitant to do and don’t generally like to until the currently major release is close to EOL) then it should offer me the latest patch level, 14.0.6, which it doesn’t.

Should I expect the updater to be offering me 14.0.6, which seems like it would be the most secure option.

Is there some way for me to hold my major version until I am happy with the next major version? I would still like to get updates for the major version I’m on without having to do the upgrades by hand.

HI jimbolaya,

You could try using the shell. Enter this command:

cd /var/www/FolderToNextcloud/updater && sudo -u www-data php updater.phar

I would recommend a backup before (VM Snapshot, etc.).

Could your request be resolved?

/var/www/nextcloud/updater# sudo -u www-data php updater.phar
Nextcloud Updater - version: v14.0.2RC2-1-g21ab216

Current version is 14.0.4.

No update available.

Nothing to do.

Looks like you want to update from an RC version to a stable one …
Unfortunately I haven’t done that yet. Maybe it is possible to force the upgrade? Make a backup first :wink:

Hi,

I do have exactly the same issue, and same state.

sudo -u www-data php updater.phar
Nextcloud Updater - version: v14.0.2RC2-1-g21ab216

I always was upgrading with stable line of releases.
I went from 13.x to 14.x with this stable config.
While being in 14.x I changed from stable to production.
So :

  • I am surprised about the statement : “Looks like you want to update from an RC version to a stable one …” even if I see the detailed release name.
  • I am surprised to end in this state.

Bug in previous upgrades process ?

Error of manipulation made by me in previous updates in 13.x ?

By which method do you suggest to force upgrade ?

Thanks for any suggestion.

hey all… particularly @jimbolaya and @dge

for which reason ever devs might think that nc14.0.4 is the most stable version for production right now (which might change as well) so this is why they put it into production channel.
if you aren’t ok with that just change your channel to stable and it will show up with the latest available version within 24hrs, usually.

from what i understand that might be the right choice for you, in general.

for definitions of stable andproduction and their differences just RTFM! or at least search the forum before posting …

thank you.

@giftzwerg

I would like to note that this is the “Nextcloud Updater” version.

“Current version is 14.0.4.” is the Nextcloud version.

@JimmyKater Thank you for the informative answer. However, I would like to state, for my part, the forum was extensively searched. For 20-30 minutes. Not sure if I should extend that to an hour or more. The results from your example are all the ones I found and frankly, less than enlightening. Mostly because they don’t answer the question I had, but they’re all referring to past versions.

Additionally, until your response, I never felt there was an adequate answer to why the Updater behaves as it does. I understand the dev’s desire to make things easier on users and themselves by postponing a version they don’t feel is stable enough.

As far as reading the FM I would also like to note that it is different than the text on the Update page.

FM states:
Production: This channel delivers the latest fully tested release of Nextcloud. …

Update page states:
production will always provide the latest patch level, but not update to the next major release immediately. That update usually happens with the second minor release (x.0.2).

I guess I thought it was reasonable for me to rely on the local documentation. Am I expected to refer to the FM documentation for every change I make, even if the documentation is local to my instance?

2 Likes

really? it’s like murphy’s law for me: bazillion users asking more or less the same question… when does this or that channel update and why don’t they update earlier etc.
and i do pick the only one ever who searched the forum and read TFM.

sorry if i’ve done you wrong.

but the answer to your question is: if production channel releases updates too slow you always could switch over to stable.

pls be aware that devs do release new versions in waves. so if stable channel isn’t fast enough for you, switch to beta… wait until the final beta is offered, install and then switch back to stable

if you question was different to that it would be nice if you would open a new thread… with an more exact description of your problem (like why does TFM read this and local M does read that, etc)

thanks

Hi @JimmyKater,

The origin of my trouble was the fact that when running the security scan of nextcloud, it replied to me that my security was A instead of A+ because “NOT on latest patch level”.
My concern was not to have the latest (functional) patch level, but to have a good security…
After seeing that statement I did thought that I had an upgrade issue on my installation. I do understand now that it’s not the case and I am up to date (with regards to the production stream).

I was expecting that on the stream of release called “production” I would have a stable well tested release and the most secure.
The second part of my last sentence is not written in the production definition, I agree, and apologies for my initial comment .

I suggest that either nextcloud team changes the security status not to degrade the status when the installation is on the latest production release.
and/or nextcloud team makes the production stream have the latest security patches, (not functional patches).

In the hope to contribute to the quality of this marvelous product, nextcloud.
Regards.

for which reason ever the security scan often shows the results of an older scan (you need to take care of the scandate which is provided within the result)… so if you’d force a new scan there might be a new result some 5 minutes later…

Yes I do agree, but that’s what I did.
I did rescan today =>

Running Nextcloud 14.0.4.2
NOT on latest patch level
Major version still supported
Scanned at 2019-01-18 21:03:42 trigger re-scan

So either the security scan either is pessimistic for production stream
or the best choice for a stable and secure nextcloud is stable stream.

Yes, I can confirm this behaviour. My nextcloud server is on production-channel.

Some weeks ago I tested my installation with the security scan of nextcloud. I got an “A” togehter with the info, that there is a newer (Minor-)Version.

But at the same time my installation told me, that I’m on the latest Version. - No update available.

This is a little bit confusing and can maybe be improved.

Btw: Yesterday I got the Update. Now I’m realy on the latest production-version. But it took weeks…

The new release 14.0.6.0 has been proposed today by the upgrader to update my install.
So had no issue upgrading, the analysis of @JimmyKater was correct.
Sorry again for the messages.

Do you know if the dev. team did something to make production stream more consistent with security audit ?

May be @LukasReschke you could give an answer to the concern we did express.
Regards.

1 Like