[Solved] Running security scan inside Nextcloud 16.0.5 shows it's running 15.0.7.0

avg · October 22, 2019, 9:54am

Hello all!

Nextcloud version (eg, 12.0.2): 16.0.5
Operating system and version (eg, Ubuntu 17.04): CentOS 6.10
Apache or nginx version (eg, Apache 2.4.25): 2.2.15
PHP version (eg, 7.1): 7.3.10

The issue you are facing:
Running the security scan inside Nextcloud Settings/Overview shows it’s running 15.0.7.0 even though 16.0.5 is installed according to the info in /var/www/html/nextcloud/version.php.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

Login to NC web-gui.
Go to settings/overview.
Click the link " Check the security of your Nextcloud over our security scan ."

The output at scan.nextcloud.com:

Running Nextcloud 15.0.7.0
X NOT on latest patch level
V Major version still supported
Scanned at 2019-04-15 08:27:43

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => 'XXX',
  'secret' => 'XXX',
  'trusted_domains' => 
  array (
    0 => 'XXX',
    1 => 'XXX',
    2 => 'XXX',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'overwrite.cli.url' => 'http://localhost',
  'dbtype' => 'mysql',
  'version' => '16.0.5.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => 'XXX',
  'logtimezone' => 'UTC',
  'installed' => true,
  'instanceid' => 'XXX',
  'mail_from_address' => 'XXX',
  'mail_smtpmode' => 'sendmail',
  'mail_domain' => 'XXX',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'filelocking.enabled' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\APCu',
  'trashbin_retention_obligation' => '15, 20',
  'enable_previews' => true,
  'mail_smtphost' => 'XXX',
  'mail_smtpport' => 'XXX',
  'auth.bruteforce.protection.enabled' => false,
  'mail_sendmailmode' => 'smtp',
  'mail_smtpdebug' => true,
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauth' => 1,
  'mysql.utf8mb4' => true,
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' => 
  array (
  ),
  'twofactor_enforced_excluded_groups' => 
  array (
  ),
  'app_install_overwrite' => 
  array (
    0 => 'activitylog',
    1 => 'impersonate',
  ),
);

Schmu · October 22, 2019, 11:13am

Simply hit the re-scan button

grafik

avg · October 22, 2019, 11:27am

Dammit’!
I misread the last scan date… So embarrassing, sorry for adding to the interweb noise!

Schmu · October 22, 2019, 11:35am

No problem at all

avg · October 22, 2019, 12:16pm

Might have been premature. Nothing happens after I click the trigger rescan-button. Now it’s been an hour since.

Maybe the scanner servers are overloaded or some such?

avg · October 22, 2019, 12:38pm

Ok, it worked this time.
All is A-okay!