With version 10.0.9, ownCloud’s more than 25 million users will receive increased options for sharing files securely and flexibly. The integration of S3 Object Storage now enables administrators to operate their ownCloud in storage systems that will grow along with their requirements. The systematic adaptation of versions and deleted files has also significantly improved performance when saving and deleting files in object storages and the new “Password Policy” app will provide users with a useful tool for defining individual rules for data protection. Password policies can now be defined for all users and a password history prevents previously used passwords from being set and the ability to accept or reject pending shares of received files provides additional control and security. Other apps such as Activity and Gallery have also been updated. ownCloud 10.0.9. and the corresponding ownCloud apps are now available for download at www.owncloud.org/download and marketplace.owncloud.com.
The greatest innovation in ownCloud 10.0.9 is the introduction of the “Pending Shares” function. In previous versions, shared files were automatically added to the recipient’s server and client. In an attempt to more easily manage these shares and to increase the personal freedom of the user, incoming shares can now be given a “pending” status, which gives users the option to selectively accept or reject files. The new notification framework also allows users to be notified about newly released files via email, the notifications button in the webview, or within the desktop client.
With the introduction of Pending Shares, the developers have responded to the desire of many users for more flexibility and usability. Users now have an overview of their shared files and the ability to accept shares that have previously been rejected. With the “Exclude groups from sharing” option, administrators can also individually define the rights of specific users or entire groups; files will no longer be shared by certain users if they are in a specific group.
Object Storage for Everyone
The S3 API is now natively supported. With the integration of S3 Object Storage, users now have the option to operate their ownCloud with Object Storages. This new development improves the handling of file versions and deleted files, which are now displayed directly via an S3 API function, allowing unlimited file sizes. The feature, which was previously only part of the ownCloud Enterprise Edition, is now also available to the community without restriction and is important for users who want to use decentralized object storage solutions when modernizing their storage infrastructure. This often enables an even more cost-effective operation with ownCloud. With the decision of the S3 protocol, ownCloud follows the general market trend in which the use of object storages is becoming increasingly more important. Soon, ownCloud will certify object storage software and systems for the ownCloud Enterprise Edition.
Compliance, Audit and GDPR
To meet the additional security and compliance requirements of the EU GDPR, operators of ownCloud now have the option to set links to the imprint and the data protection declaration directly via the admin settings, which are then displayed on all pages of the ownCloud web interface and in the footer of notification emails.
For the administrators of ownCloud Enterprise, there are new events in the audit log to further improve auditing capabilities. Information about user changes, sending public links by email and accepting/rejecting approvals can now be displayed in the audit log. The output format has also been optimized for external analysis tools such as Splunk. Administrators can now switch to the new “admin audit” app and adjust the dashboards accordingly for evaluation.
Additional Protection Through Extended Password Policies
With the release of ownCloud Server 10.0.9, a major new version of the “Password Policy Extension” has been released for all users. Up until now, the feature was only available to ownCloud Enterprise customers. The app now includes features that allow administrators to define certain rules, asking users to change their passwords under certain conditions. For example, administrators can prevent the last ten passwords from being re-selected by a user. Admins can also ask users to create a new password the first time they log on. In addition, expiration dates can also be set for individual passwords, forcing a change every 90 days. Users are informed by email in a configurable number of days before or after the password has expired. Installing the policy extension makes sense for users and organizations that manage personal and other business-critical data, as strict password rules significantly minimize the risk of brute force attacks.
In addition to these major new developments, ownCloud 10.0.9. also brings numerous other improvements such as password reset emails that can be sent and adapted as HTML. Internet Explorer 11 and Microsoft Edge users now benefit from easier handling of large files. Small errors in the handling of checksums to check the file integrity with the ownCloud Desktop Client have also been fixed.
A detailed overview of all changes can be found in the changelog (https://owncloud.org/changelog/server/) and the release notes (https://doc.owncloud.org/server/10.0/admin_manual/release_notes.html#release-notes-label).
Picture Source: ownCloud GmbH / Graphicburger