I’m running NC12b4.
Running Nextcloud 126.96.36.199
NOT on latest patch level
I my opinion, it should report
Running Nextcloud 12.0 beta 4 (188.8.131.52)
Latest patch level (BETA channel)
“12.0 beta 4” at least is the “common name” and what “occ -V” reports.
“184.108.40.206” is what’s written in ‘version’ in config/config.php
Apart from the issue itself:
Is there an issue tracker for scan.nextcloud.com?
There should be a hint on scan.nextcloud.com on where to report issues with it!
Also, there seems to be no matching category for this post.
At least it was not obvious to me which to choose. Please correct if necessary.
And: It may be a nice feature to capitalize the first letter of each thread title.
But in cases like this, it would be nice to at least be able to correct the title.
Probably because beta is unstable the scanner is not returning results for an probably unstable or insecure system.
Unstable vs. insecure - these are independent dimensions.
There is a lot of “unstable” open source software: In most projects I use the “latest version” (that the dev team bundled, such as a NC beta 4, I’m not talking about automated daily builds here) IS secure. In fact, in many cases security bugs are fixed on trunk first, and immediately after that in production releases (and backports).
So the scanner should report more clearly.
Yes, this is a RFE proposal only, I can live with how it is and interpret the output.
Same for NC 13b3, scanner reports “Running Nextcloud 220.127.116.11” - which is WRONG.
Did you run a re-scan already? The security scanner seems to be a one-time-scanner which you manually trigger. Afterwards you only see the last scan results and need to perform a new scan.
There should be a timestamp for the latest scan, that helps you identify if the version detection is wrong or the scan didn’t run.
YES! I totally missed that TINY GRAY yin-yan-arrow symbol and the timestamp. Thanks for the hint. Re-scanning now.
If any ADMIN listens, PLEASE make that hint more prominent (at least if the scan is older).
Also, there should be a bug tracker on github for the scaner!
Even after rescanning, scan still shows “NOT on latest patch level”, which is WRONG for the beta channel.