Official PHP 7.2 support
With the 10.0.8 release, the future deprecation of PHP 5.6 and 7.0 was announced – ownCloud Server now follows up with official PHP 7.2 support. This brings ownCloud to the edge of current technology – read more in our blogpost about the topic.
The preparation of ownCloud for PHP 7.3, which is expected by the end of 2018, is already going on. When you are still running 5.6 or 7.0, please plan an upgrade to 7.2 soon. Please take a look at the release notes, before you upgrade.
New Local User Creation Flow
Until this version, you could create a local user by entering a Username and a Password. This means you had to give the password to the user via another communication channel, and the user had to change it afterwards. This version brings a big improvement to this workflow.
The local user creation flow now takes a Username and an E-Mail address, and sends an activation link to new users.
This way user creation is easier and more secure – new users get the information automatically and can choose a password themselves. If you still need the old workflow, you can use an option in the bottom left settings cog to change to the old behavior.
HTTP API for Search
ownCloud Server 10.0.10 introduces a HTTP API for the search functionality. It makes it possible to query for search terms on the server and deliver the results via HTTP. With upcoming releases the ownCloud Clients will be able to search files on the server without having them available locally.
In combination with the Full Text Search integration, which is coming soon as an free app available on the Marketplace, this will boost usability and productivity for users. If they need a file quickly on their mobile phone or computer, they can search through all contents in their account.
Native Brute-Force Protection
With the new version comes a Brute Force Protection extension. This app emerged from a joint effort between the ownCloud team and Semih Karakaya, who was ownCloud’s GSoC student last year. Thanks for this valuable contribution!
The app protects you and your users against password bruteforce and dictionary attacks. Administrators can specify a maximum number of unsuccessful user account login attempts. When someone reaches the unsuccessful login limit, ownCloud temporarily bans further login attempts to those user accounts from the originating IP address. ownCloud administrators can configure the time frame of the ban.
Once a ban is in effect, an attacker is forced to either change their IP address or wait for the ban time to expire before continuing the attack. This best-practice approach increases the amount of time required to conduct an
attack, drastically reducing the feasibility of the attack and the possibility of a successful account login.
Previously, protecting ownCloud against brute force and dictionary attacks was only possible with fail2ban. This required root privileges, and parsing logfiles with regular expressions – a very complex solution.
With the brute force protection app an ownCloud admin can configure it with 3 simple values. This way, the security feature is convenient and does not get in your way.
Improved Upload Reliability on Unreliable Connections
The file upload in the ownCloud web interface is more reliable now. When you upload large amounts of data on unreliable connections (e.g., on the train or with mobile data) you have to deal with interruptions and timeouts. In the past this stalled uploads had to restart from the beginning in some cases, now it will continue.
ownCloud’s chunking mechanism splits large files into pieces and uploads them separately. There’s a new logic that takes care of retrying stalled chunks. With this, uploads can now continue from the point they froze, as soon as the connection becomes available again.
New Option to Prevent Sharing With Specific System Groups
System groups in ownCloud can have many purposes. You can use them for sharing with many users at once, for feature and access restrictions or for storage mounts to specific users – just to name a few.
In some cases, especially in larger deployments, you don’t want that a group which you use for other purposes is available for sharing, too. To prevent users from sharing with such groups, you can now use the option Exclude groups from receiving shares in the Sharing administration settings.
Only Desktop Client 2.3.3 and Higher Supported
To ensure a clean and reliable operation of the ownCloud platform it is important to keep it up-to-date. To make sure the Server and the Desktop Clients are compatible, the server will only accept connections from Desktop Clients with version 2.3.3 or higher.
While it’s recommended to keep up with the latest versions, 2.3.3 is the new default value. You can also change it to other versions, if it really is necessary.
Configure the Language of Public Link Sharing Mails
In the Sharing settings, you can now choose one default language for mail notifications for sending public links via mail in the public link sharing dialog. If ownCloud does not know the language of the recipient, and you didn’t choose a default language, it will use the language of the user who sent the notification.