We’re already in November and the last months have been very busy. We’ve had the ownCloud Contributor Conference at the tail end of August, followed by the ownCloud Server 8.2 release 6 weeks later. Now, it is time to go and catch up to our development reports! We’ll cover the second half of August and all of September in this one.
The biggest items during this period include security- and encryption improvements- as well as very visible changes for users, like the integration of the new sidebar and changes to icons, colors and menus in ownCloud.
There have been many changes throughout ownCloud, as usual. Here are some highlights.
- The temporary directory used by ownCloud is now configurable. This can be useful, especially with external storage which does not support file seeking. ownCloud works around this limitation by downloading the file a user is seeking into the temporary directory. This gives a seamless experience to users, but can require a lot of storage space. Making this location configurable allows the admin to, for example, pick a place with more space, or to put the temporary folder under the data directory.
- The addition of support for CSP in the Edge browser in Windows 10 without the corresponding EventSource capability means ownCloud wouldn’t work on this browser if it was not for a custom CSP for Windows 10.
- One of 8.2’s new features, the ability to update mime types in the database, was introduced.
- Another new feature is notifications. The notification manager was merged. And here, the first pieces of the query builder for app developers was merged.
- We now display app names in the update page during app updates.
- Forget about downgrading: it is no longer possible as it is quite likely to break your system.
- There is now an OCS API for getting the shares list.
- Here are some changes to the example theme to make it easier for non-programmers to figure out what to change and to make a nice custom ownCloud theme.
Security and Encryption Improvements
To improve security, a session wrapper was added which encrypts session data (like external storage passwords) before storing it on disk. More importantly, using a password hash rather than the password itself to encrypt the private key (which is, in turn, used to encrypt user data) makes it much harder for an attacker to brute force his way into user data. We’ve also added mitigation against the BREACH security threat.
Encryption users who need to integrate ownCloud in their infrastructure sure appreciate this PR to make root of key storage configurable. Also useful for users of the Encryption app is the addition of an ‘encrypt all files’ to the occ tool and it was made possible for the admin to set a master key for all files which are encrypted.
Of course, this covers just a few of the security hardening and encryption improvements which made it into ownCloud 8.2 and, in many cases, were also backported to earlier ownCloud releases! ownCloud is dedicated to continuous improvements in the area of security, something which shows in the numbers. Also, see the talks covering the state of ownCloud security, the improvements to the ownCloud Encryption app and ideas for client side encryption at the ownCloud Contributor Conference.
As always, there have been several changes with a focus on performance. This includes better usage of the cache for previews, but there has also been work to compensate for a slow-down which was caused by safely encrypting sessions on the server. Combined with caching, some results for GET requests have had the time cut in half for these common operations. Since the release of ownCloud 8.2, many more performance optimizations have been added, but that’s for another report!
Design and Style of ownCloud 8.2
ownCloud 8.2 has introduced a new sidebar. More than a dozen pull requests were related to the sidebar, even though the initial version was merged earlier in August. There were also a number of other changes to the user experience, many of them added in these pull requests:
- Upload in New menu
- Large preview for images in the sidebar
- Add versions tab to files sidebar
- Simpler style for file type icons
- Compress icons in navigation, move to monochrome
- Simplify the login screen
- Reduce grey tones in app navigation
- Only show the search icon rather than the full field
- Make profile pictures round
- Adjust style of triangle and caret icons
- Fix wording of update header
- Use the main search box to filter users in user management
And of course there are many more design related pull requests in this period!
Other ownCloud Happenings
We also covered the release of the ownCloud Desktop Client version 2.0, which introduced multi account support among other features. In other client news, we published a blog about the following:
- Roeland posted about how ownCloud is not a backup solution.
- Steffen Lindner reported on the ownCloud Mail app.
- We wrote about the release of ownCloud Proxy and updates 8.1.3, 8.0.8 and 7.0.10.
- And I did a call to action for FOSDEM and SCALE! We could really use your help at these events! Give me a shout if you’re up for it.
- In “awesome” news, the FeedReader app for the GNOME desktop gained an ownCloud backend!
- Also awesome– we published a very cool timeline of ownCloud events! Check it out on our history page.
Getting ownCloud News
Note that you can sign up to our newsletter to stay up to date with monthly summaries of what is going on in ownCloud. And if you’re an ownCloud contributor, you should get your blog aggregated on owncloud.org/news! Ping Jos with your RSS feed.
You should also, absolutely, be signed up for our announcement mailing list if you administer your ownCloud server. We don’t send mails often, but when we do you know they are important!
More on the social side– there are ownCloud events coming up. You can meet fellow ownCloud users and developers at our ownCloud meetups or see us at conferences. Find a calendar of ownCloud events on owncloud.org/events. ownCloud meetups are great a chance to learn more about ownCloud or to get coding work done. If you know of other (regular or not) meetups or if you are interested in organizing one yourself, check out this page on how to get involved.