News from ownCloud | ownCloud | Release

ownCloud 9.0.4, 8.2.7, 8.1.9, 8.0.14 released

We have released ownCloud server versions 9.0.4, 8.2.7, 8.1.9 and 8.0.14, which contain several bug fixes as well as security-related issues. A third party component called “Guzzle” is affected by HTTPoxy vulnerability (as filed as CVE-2016-5385 for PHP). This component, which handles http requests on behalf of ownCloud can be tricked into passing inbound requests […]
ownCloud secure cloud solution for filesharing

httpoxyWe have released ownCloud server versions 9.0.4, 8.2.7, 8.1.9 and 8.0.14, which contain several bug fixes as well as security-related issues.

A third party component called “Guzzle” is affected by HTTPoxy vulnerability (as filed as CVE-2016-5385 for PHP). This component, which handles http requests on behalf of ownCloud can be tricked into passing inbound requests to a proxy server controlled by a third party. in combination with the ajax cron feature, the third party can potentially see external storage credentials and data. We recommend to use system cron whenever possible, which also significantly improves reliability and experience.

Mitigation/Fix

If possible, we recommend an immediate update to 9.0.4, 8.2.7 or 8.1.9 respectively, which each contain a patch for Guzzle. ownCloud 8.0 is shipping an older version of Guzzle and is not affected. However, 8.0.14 fixes a number of other issues and we encourage everyone on older versions of 8.0 to update right away as well.

If you cannot update immediately, please consider adding server-level workarounds for the HTTPoxy issue. For more details, read the full change log

ownCloud

July 19, 2016

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy.

Read now:

“Security is not a privilege”

“Security is not a privilege”

We spoke with Thomas Haak, CEO, Lywand Software, about his enterprise’s mission of making cybersecurity available easily for SMEs. Alongside, he also shared his experience regarding data security at ownCloud.

read more
Integrate ownCloud & Microsoft 365 to protect sensitive data

Integrate ownCloud & Microsoft 365 to protect sensitive data

Whether it’s files containing personal data (GDPR), intellectual property or sensitive corporate data from HR, finance or M&A, companies and organizations strive for seamless and easy-to-use digital collaboration even in those areas – both internally and externally. However, the special level of protection of certain data prohibits their processing in the public cloud. ownCloud can now be seamlessly integrated into Microsoft 365 as a “safehouse” for particularly sensitive data, keeping them out of the Azure Cloud.

read more