News

DROWN Vulnerability with SSLv2

We would like to provide you an update on the latest OpenSSL vulnerability known as DROWN. DROWN is a vulnerability that can affect HTTPS servers and other SSL and TLS services. We have received concerns about how this might affect ownCloud and while I’m happy to announce that ownCloud itself remains unaffected, some of the […]

We would like to provide you an update on the latest OpenSSL vulnerability known as DROWN. DROWN is a vulnerability that can affect HTTPS servers and other SSL and TLS services. We have received concerns about how this might affect ownCloud and while I’m happy to announce that ownCloud itself remains unaffected, some of the servers on which ownCloud may run could be vulnerable if they are running SSLv2 services.

In response to this threat, we recommend that you upgrade your servers to the latest vendor packages, so that you are no longer exposed to the vulnerability, and to restart the appropriate services. See https://drownattack.com/ for more information, and visit https://test.drownattack.com/ to see if your servers may be vulnerable. If you are unable to do this in such a short amount of time, it is recommended that you disable SSLv2 services ASAP.

If you are using one of the ownCloud clients for Windows, MacOS, Linux, Android and iOS, no worries, they are unaffected and there is no specific update required.

ownCloud GmbH

March 2, 2016

Read now:

ownCloud Infinite Scale 8.1.0: MFA-Gated Vault Storage Arrives

ownCloud Infinite Scale 8.1.0: MFA-Gated Vault Storage Arrives

oCIS 8.1.0 introduces MFA-gated vault storage as an isolated storage plane: its own provider ID, no public or federated sharing path, MFA propagated end to end, and a UI that makes the distinction obvious. Plus a public-share access control fix and roughly 60 other changes across indexing, LDAP, and connection recovery.

read more
The New ownCloud Marketplace: Git Is the App Store

The New ownCloud Marketplace: Git Is the App Store

The new ownCloud Marketplace is live. 13 Web Extensions, 42 apps, 324 releases, 36 publishers and counting. Zero backend. Zero database. Zero server-side processing. The Git repository is the source of truth. The catalogue is static JSON. Publishing an app is a pull request. Git is the app store.

read more