We would like to provide you an update on the latest OpenSSL vulnerability known as DROWN. DROWN is a vulnerability that can affect HTTPS servers and other SSL and TLS services. We have received concerns about how this might affect ownCloud and while I’m happy to announce that ownCloud itself remains unaffected, some of the servers on which ownCloud may run could be vulnerable if they are running SSLv2 services.
In response to this threat, we recommend that you upgrade your servers to the latest vendor packages, so that you are no longer exposed to the vulnerability, and to restart the appropriate services. See https://drownattack.com/ for more information, and visit https://test.drownattack.com/ to see if your servers may be vulnerable. If you are unable to do this in such a short amount of time, it is recommended that you disable SSLv2 services ASAP.
If you are using one of the ownCloud clients for Windows, MacOS, Linux, Android and iOS, no worries, they are unaffected and there is no specific update required.
