Security scanner seems not to work

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face: is for home/non-enterprise users. If you’re running a business, paid support can be accessed via where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:


Or for longer, use three backticks above and below the code snippet:


Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 20.0.5): 21.0.4
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.46
PHP version (eg, 7.4): 7.4.16

The issue you are facing: shows me the old version of my instance, even after retrigger

Is this the first time you’ve seen this error? (Y/N):Y

Steps to replicate it:

  1. connect to
  2. Enter my URL
  3. Click trigger re-scan
  4. wait at least 5 Minutes
    It shows Version 21.0.3, tried even several times

The output of your Nextcloud log in Admin > Logging:No output in LOG


The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
. . .

<?php $CONFIG = array ( 'instanceid' => 'XXX', 'passwordsalt' => 'XXX', 'secret' => 'XXX', 'trusted_domains' => array ( 0 => '', ), 'memcache.local' => '\\OC\\Memcache\\APCu', 0 => array ( 'host' => 'localhost', 'port' => 6379, ), 'datadirectory' => '/srv/dateien/nextcloud/data', 'overwrite.cli.url' => '', 'dbtype' => 'mysql', 'version' => '', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'nextcloud', 'dbpassword' => 'XXX', 'logtimezone' => 'UTC', 'installed' => true, 'maintenance' => false, 'mail_from_address' => 'carlo', 'mail_smtpmode' => 'sendmail', 'mail_domain' => '', 'mail_smtphost' => '', 'theme' => '', 'defaultapp' => 'spreed', 'loglevel' => 2, 'data-fingerprint' => 'd56160fd802481e31384c5f12bcd8494', 'mail_smtpport' => '465', 'mail_smtpauthtype' => 'LOGIN', 'mail_smtpsecure' => 'ssl', 'mysql.utf8mb4' => true, 'has_rebuilt_cache' => true, 'default_phone_region' => 'TH', 'app_install_overwrite' => array ( 0 => 'apporder', 1 => 'health', ), '' => 'stable', 'encryption.legacy_format_support' => false, 'encryption.key_storage_migrated' => false, ); ``` The output of your Apache/nginx/system log in `/var/log/____`: ``` PASTE HERE ```

I think the scanner does not really scan. The scanner reads e.g. “status.php” and perhaps some other public files (html, css, php).

You can find your nextcloud version from the internet with “status.php”.


Does the scanner show the same version?

status.php on my instance give following output:
so, this is the correect version

it looks security scanner is not really reliable at the moment:

Thank you for this information, but my problem is different.
as one can see it reports an old scan date and status.php from my site reports


Did you click on “trigger re-scan” and check again a few minutes later? You probably have to reload the page after you triggered the re-scan.

1 Like

several times

Hmm just tested it with my instance. It worked, expect for the known issue, that it does not recognise version 21.1.0.

Maybe to obvious as a question… But your Nextcloud is publicly accessible from the Internet via port 443? Apart from that, unfortunately, I can’t think of anything else right now…

1 Like

yes, it is publicly accessible.
In fact I’m using this instance already a long time, and it’s a normal routine after update, to use the scanner. It always worked fine. But to be honest, actually it is not a big issue, hopefully it works again after next upgrade :wink:

1 Like

I did new scan with two NC 21 yesterday (re-trigger scan) and another new scan today after I updated one of them to NC 22… my results update pretty fast and show right versions.

dumb question: do you have some caching mechanism in your browser or network (proxy)?


That was it, I don’t know what exactly, I have no proxy, but maybe something in Browser which I don’t know. I used the same Browser at least the last 2 or 3 time when I scanned the system and it worked fine.
But to be sure I went to another system and other Browser too, scanned and hey, it worked :grinning:
Good to know when something similar happens :wink:
thank you

1 Like