News | Product | Release | Server

ownCloud Server 10.13 released: Kerberos authentication and enforceable 2-Factor-Authentication

We are happy to announce the immediate release of ownCloud Server 10.13 with many new features requested by our customers. Among them, most important is the new enforcement of Two-Factor Authentification (2FA) via Time-based One-Time Passwords (TOTP) – a feature many customers need to comply with security policies.

We continue to recommend as a first choice a central identity management solution implementing Open ID Connect (OIDC) with which you can enforce any type of authentication, including passwordless authentication.

Additionally, we have focused on Kerberos Authentication for our Enterprise customers.

A complete list of changes can be found in the ownCloud Server changelog and more details in the ownCloud Release Notes :: ownCloud

New Highlights:

Enforce Two-Factor Authentication

If Two-Factor Authentication is enforced, all users will be required to use an app capable of 2FA. At least one such app is necessary for this feature, otherwise no enforcement will be done. Admins can define special groups that may be excluded from 2FA: Their group members can bypass Two-Factor authentication. #40830

Kerberos Authentication

Enterprise customers now benefit from ownCloud 10.13’s Kerberos support both for login and via delegation in the Windows Network Drive app. For the user, this means less logins, less password entries and a much more efficient workflow: There’s additional single-sign-on options and no need to save usernames and passwords of LDAP users in order to access SMB/CIFS shares in your on-premises environment.

This enhancement will already be available in the next version of the WND app (for our Enterprise customers) and an additional Kerberos login app will soon be available in our marketplace. To implement this, we recommend our consulting services. Please contact  for an offer.

Implement App Registry (Open in Web)

By using a new option Open in... in the iOS (version 12.0.3+) or Desktop client (version 4.0+) it is now possible to directly open a file in the Office Suite being installed on the ownCloud server. (#40843) This is a great feature further enhancing and extending our office integrations to the mobile apps!

Additional Features and Important Fixes:

Added occ Command to Remove Obsolete Storages

Metadata coming from any storage are kept in ownCloud’s database. Previously, when a storage was removed from ownCloud, its metadata remained. The new occ command allows removing these obsolete metadata, reducing both the amount of space used by the DB as well as improving the performance (there’s simply less entries). (#40779)

Update Symfony from 4.4.* to 5.4.*

The Symfony PHP framework has been updated to LTS major version 5.4. This also affected a number of apps which required a new release and have been now included in the complete bundle.

Setup of User Key Encryption no longer available

User key encryption has been deprecated in ownCloud core versions later than 10.7. That’s why we removed the command line interface and web UI components that enabled user key encryption. If you are operating an ownCloud installation with user key encryption enabled, please get in contact with  to plan a migration to master key encryption. (encryption#389)

User Key Encryption Is No Longer Auto-Enabled

Executing the occ command encryption:encrypt-all will no longer auto-enable user key encryption. (#40702)

Add Commands to Handle Trusted Servers from the Command Line

New occ commands have been added to handle the trusted servers for federation from the command line. These commands will allow the admin to add, list and remove trusted servers. (#40796)

Skip share_folder for Guest Users

When the config.php option share_folder  was set, guest users could no longer see their received shares. We now skip the config.php option share_folder for guest users and default to root. (#40864)

Minimum search length will be applied for all shares

Remote shares will have the same restrictions as user and group shares. In order for a remote user to show up as a participant in a share (a „sharee“), the search term length must be longer than the minimum configured otherwise only exact matches will be shown. (#40885)

Clean up Storage and Database After Failed File Uploads

All remaining items of failed uploads will now be removed from storage and database. (#40892)

Setting Open Mode in the Checksum Wrapper

The checksum wrapper causes issues when uploading files to some external storages via the desktop client. We are using additional wrappers and the mode wasn’t being detected correctly in some cases. Only if the correct mode was set in the checksum wrapper, ownCloud could decide whether to discard the final checksum or not. Doing so could cause a checksum mismatch. Now the open mode in the checksum wrapper is set explicitly. (#40832)

Align to New Authorization URI

Core 10.12.1 brought an update of the google/apiclient from version 2.12.6 to 2.13.1. However, in version 2.13.0 the authorization URI has been updated. This change broke old code that uses the method setApprovalPrompt('force') instead of the newer setPrompt('consent'), as this endpoint does not support the legacy approval prompt parameter. This has been now fixed. (#40783)

Automatically Disable Online Updater for Enterprise

Online updater is not recommended for Enterprise installations and is now automatically disabled in such cases. (#40841)

Rely on Server to Sort the User List

Previously, the user list was sorted in the browser. This was causing confusion because the sorting happened without taking into account all the items, so there were some weird effects. There is no sorting in the browser now. The server is expected to return the list of users already sorted, so the browser just needs to show the list. (#40840)

Remove the add group button from the dropdowns in the users page

The add group button has been removed from the dropdowns because the behavior was confusing. You can still create new groups in the users page by using the add group button in the top left corner of the users page. The dropdowns will only select existing groups, but they won’t add new groups. (#40770)

Important: Internet Explorer 11 Deprecation Note

Internet Explorer 11 support will be dropped in the next server release.

Default Minimum Supported Desktop Client Version

To ensure clean and reliable operation of the ownCloud platform, it is important to stay up-to-date with the latest releases of the server as well as the clients. To take care of compatibility between the server and desktop clients, the minimum version the server will accept connections from has been raised to version 3.2.1.

While it’s recommended to keep up with later versions, this is the new default value. (#40876)

Updated App Versions

Find below a list of updated apps in comparison with the 10.12.2 complete bundle. More information on the changes can be found in the respective changelogs on ownCloud Marketplace.

Solved Issues

ownCloud 10.13 also includes a security fix, the details of which can be found in the ownCloud portal. All known issues from server 10.12.x have been fixed. Currently there are no known issues with ownCloud Server 10.13.

For more details, such as other notable changes, please read the full Release Notes :: ownCloud Documentation and our Server Changelog – ownCloud.

Download is available from

If you have any questions or need further assistance, please do not hesitate to contact the ownCloud support team.


August 24, 2023

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy.

Read now:

ownCloud ernennt David Walter zum CXO

ownCloud ernennt David Walter zum CXO

ownCloud, Anbieter der gleichnamigen Open-Source-Plattform für Content Collaboration stärkt seine strategische Ausrichtung in Richtung Kunden und setzt hierfür ein klares Zeichen: Mit der neu geschaffenen Position des Chief Experience Officer (CXO) verfolgt das Unternehmen das Ziel, die Customer Experience kontinuierlich zu verbessern und eine konsistente Kommunikation mit allen Stakeholdern zu fördern.

mehr lesen
ownCloud erweitert sein Partnernetzwerk durch Kooperationen mit OpenTalk und mspaces

ownCloud erweitert sein Partnernetzwerk durch Kooperationen mit OpenTalk und mspaces

Die Kooperationen mit OpenTalk, dem Anbieter für sichere Videokonferenzen, sowie mit dem auf organisationsübergreifende Workspaces spezialisierten Unternehmen mspaces sind wichtige Schritte in Richtung des von ownCloud ausgerufenen Ziels, Nutzerinnen und Nutzern ein breites Portfolio an stabilen und sicheren Open-Source-Lösungen „made in Germany“ anzubieten.

mehr lesen