Maintenance releases 21.0.3, 20.0.11, 19.0.13 are coming - RC’s are available on our download server now and help with testing is welcome! If you experienced bugs in the stable release, see if they’re fixed.
Downloads:
- https://download.nextcloud.com/server/prereleases/nextcloud-21.0.3rc1.tar.bz2
- https://download.nextcloud.com/server/prereleases/nextcloud-20.0.11rc1.tar.bz2
- https://download.nextcloud.com/server/prereleases/nextcloud-19.0.13rc1.tar.bz2
Changelogs:
21.0.3
- Don't break OCC if an app is breaking in it's Application class (server#26879)
- Bump handlebars from 4.7.6 to 4.7.7 (server#26905)
- Bump url-parse from 1.4.7 to 1.5.1 (server#26911)
- Bump lodash from 4.17.20 to 4.17.21 (server#26912)
- Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26918)
- Fix occ command user:add-app-password (server#26952)
- Add bruteforce protection to the shareinfo endpoint (server#26955)
- Ignore readonly flag for directories (server#26964)
- Throttle MountPublicLinkController when share is not found (server#26972)
- Respect default share permissions for federated reshares (server#26999)
- Harden apptoken check (server#27012)
- Use parent wrapper to properly handle moves on the same source/target storage (server#27015)
- Fix log error when creating files from an empty template (server#27021)
- Fix error when using CORS with no auth credentials (server#27028)
- Fix filesize error on log rotation, if file does not exist (server#27058)
- Avoid reading ~/.aws/config when using S3 provider (server#27097)
- Move remnants of ocs api requests to v2 endpoint (server#27109)
- Add DB exception '@throws' tag to QBMapper PHPDoc (server#27121)
- Improve type handling of Avatar::generateAvatarFromSvg (server#27124)
- Bump patch dependencies (server#27184)
- Fix the get editable fields endpoint without a user id (server#27195)
- Use noreply@ as email address for share emails (server#27208)
- Bump vue-loader from 15.9.6 to 15.9.7 (server#27231)
- Bump moment-timezone from 0.5.32 to 0.5.33 (server#27237)
- Bump browserslist from 4.16.0 to 4.16.6 (server#27248)
- Bump ws from 7.3.1 to 7.4.6 (server#27250)
- Properly use limit and offset for search in Jail wrapper (server#27303)
- Make user:report command scale (server#27318)
- Properly log expiration date removal in audit log (server#27324)
- Emit UserLoggedInEvent on apache auth (server#27333)
- Don't allow executing cli if cache backend is unavailable (server#27334)
- Propagate throttling on OCS response (server#27336)
- Replace OCSController with OCP\API (server#27346)
- Don't throw when comments is disabled (server#27347)
- Set umask before operations that create local files (server#27350)
- Escape filename in Content-Disposition (server#27359)
- Don't update statuses to offline again and again (server#27411)
- Fix some php 8 warnings (server#27415)
- Don't pass a column object to addOrderBy (server#27446)
- Header must contain a colon (server#27455)
- Bump postcss from 7.0.35 to 7.0.36 (server#27569)
- Properly cleanup entries of WebAuthn on user deletion (server#27599)
- Throttle on public DAV endpoint (server#27616)
- Bump dompurify from 2.2.8 to 2.2.9 (server#27622)
- Remove encodeURI code (files_pdfviewer#397)
- Disable content copy for PDF files that specify it (files_pdfviewer#417)
- Only ask for permissions on HTTPS (notifications#997)
- Fix sorting if one of the file name is only composed with number (photos#784)
- Hide free space if it can't be calculated (serverinfo#295)
- Update chart.js (serverinfo#308)
- Only return workspace property for top node in a propfind request (text#1610)
- Add fixup (viewer#923)
- Fix: fullscreen for Firefox (viewer#928)
- Use physical pixel size for preview resolution (viewer#937)
20.0.11
- Bump handlebars from 4.7.6 to 4.7.7 (server#26900)
- Bump lodash from 4.17.20 to 4.17.21 (server#26909)
- Bump hosted-git-info from 2.8.8 to 2.8.9 (server#26920)
- Don't break OCC if an app is breaking in it's Application class (server#26954)
- Add bruteforce protection to the shareinfo endpoint (server#26956)
- Ignore readonly flag for directories (server#26965)
- Throttle MountPublicLinkController when share is not found (server#26971)
- Respect default share permissions for federated reshares (server#27001)
- Harden apptoken check (server#27014)
- Use parent wrapper to properly handle moves on the same source/target storage (server#27016)
- Fix error when using CORS with no auth credentials (server#27027)
- Bump patch dependencies (server#27183)
- Use noreply@ as email address for share emails (server#27209)
- Bump browserslist from 4.14.0 to 4.16.6 (server#27247)
- Bump webpack from 4.44.1 to 4.44.2 (server#27297)
- Properly use limit and offset for search in Jail wrapper (server#27308)
- Make user:report command scale (server#27319)
- Properly log expiration date removal in audit log (server#27325)
- Propagate throttling on OCS response (server#27337)
- Set umask before operations that create local files (server#27349)
- Escape filename in Content-Disposition (server#27360)
- Don't update statuses to offline again and again (server#27412)
- Header must contain a colon (server#27456)
- Activate constraint check for oracle / pqsql also for 20 (server#27523)
- Bump ws from 7.3.1 to 7.5.0 (server#27570)
- Properly cleanup entries of WebAuthn on user deletion (server#27596)
- Throttle on public DAV endpoint (server#27617)
- Bump vue-loader from 15.9.3 to 15.9.7 (server#27639)
- Remove encodeURI code (files_pdfviewer#396)
- Only ask for permissions on HTTPS (notifications#998)
- Fix sorting if one of the file name is only composed with number (photos#785)
- Backport 20 fix Photos not shown in large browser windows #630 (#686) (photos#810)
- Update chart.js (serverinfo#309)
- Only return workspace property for top node in a propfind request (text#1611)
- ViewerComponent: pass on autofocus to EditorWrapper (text#1647)
- Add fixup (viewer#924)
- Fix: fullscreen for Firefox (viewer#929)
19.0.13
- Bump handlebars from 4.7.6 to 4.7.7 (server#26901)
- Bump hosted-git-info from 2.8.4 to 2.8.9 (server#26921)
- Add bruteforce protection to the shareinfo endpoint (server#26957)
- Ignore readonly flag for directories (server#26966)
- Throttle MountPublicLinkController when share is not found (server#26970)
- Respect default share permissions for federated reshares (server#27002)
- Harden apptoken check (server#27013)
- Use proper query method. No get yet on stable19 (server#27041)
- Merge stable19 intermediate back to stable19 (server#27056)
- Bump patch dependencies (server#27182)
- Use noreply@ as email address for share emails (server#27210)
- Bump webpack-cli from 3.3.11 to 3.3.12 (server#27223)
- Bump @nextcloud/axios from 1.3.2 to 1.3.3 (server#27296)
- Properly use limit and offset for search in Jail wrapper (server#27307)
- Properly log expiration date removal in audit log (server#27326)
- Propagate throttling on OCS response (server#27338)
- Escape filename in Content-Disposition (server#27361)
- Header must contain a colon (server#27457)
- Bump ws from 7.2.3 to 7.5.0 (server#27568)
- Bump postcss from 7.0.18 to 7.0.36 (server#27572)
- Stable20] Properly cleanup entries of WebAuthn on user deletion (server#27598)
- Throttle on public DAV endpoint (server#27618)
- Fix integration-federation_features tests (server#27643)
- Backport 19 fix Photos not shown in large browser windows #630 (#686) (photos#811)
- Update chart.js (serverinfo#310)
- Only return workspace property for top node in a propfind request (text#1612)