Version 5.0.6 May 14th 2013
- SECURITY: SQL Injection (oC-SA-2013-019)
- SECURITY: Multiple directory traversals (oC-SA-2013-020)
- SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
- SECURITY: Open redirector (oC-SA-2013-022)
- SECURITY: Password autocompletion (oC-SA-2013-023)
- SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
- SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025)
- SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026)
- SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027)
- Fix renaming of shared files
- Fix UUID handling with LDAP
- Fix several undelete files issues
- Fix LDAP cachekey handling
- Several OCS API fixes
- Dropbox mounting fixes
- Remove ldap group name restrictions
- Fix fetching of the userlist with multiple user backends
- Turn off password autocompletion
- Translation fixes of the Shared folder
- Fix the fileactions order for filetypes
- Allow to ship a default theme
- Disallow URLs containing “@”
- Smaller layout improvemens
- Log an upgrade warning
- Log a trash bin cleanup message
- Improved quota calculation
- Allow to set Quota to zero
- Fix performance regression for uploading of big files
- Several Calendar fixes
- Use displaynames in contacts
- Check for existing address books during migrate->import
- Texteditor fixes
- Increase the SQLite database timeout
- Order images in Gallery
MD5: http://download.owncloud.org/community/owncloud-5.0.6.tar.bz2.md5
Version 4.5.11 May 14th 2013
- SECURITY: SQL Injection (oC-SA-2013-019)
- SECURITY: Multiple directory traversals (oC-SA-2013-020)
- SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
- SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
MD5: http://download.owncloud.org/community/owncloud-4.5.11.tar.bz2.md5
Version 4.0.15 May 14th 2013
- SECURITY: Multiple directory traversals (oC-SA-2013-020)
- SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
MD5: http://download.owncloud.org/community/owncloud-4.0.15.tar.bz2.md5
Version 5.0.5 April 19th 2013
- Fix navigation hover effect
- Fix database migration
- Add a warning in the logfile when doing a migration
- Fix renaming of shared files
- Improved quota calculation
- Fix free space calculation
- Several layout fixes
- Better save mode check
- Cleanup database after user deletion
- Fix touch for creating new files
- Several trash bin fixes
- Update MediaElement.js
- Fix double address book problem
- Fix layout problem triggered by impress
- Several smaller fixes
- Security: XSS in flashmediaelement.swf (oC-SA-2013-017)
- Security: Authentication bypass in Contacts (oC-SA-2013-018)
MD5: http://download.owncloud.org/community/owncloud-5.0.5.tar.bz2.md5
Version 4.5.10 April 19th 2013
- Security: XSS in flashmediaelement.swf (oC-SA-2013-017)
- Security: Authentication bypass in calendar (oC-SA-2013-018)
MD5: http://download.owncloud.org/community/owncloud-4.5.10.tar.bz2.md5
Version 5.0.4 April 11th 2013
- Fix file renames
- Improved compatibility with PostgreSQL
- Fixed upgrade for PostgreSQL users
- Improved LDAP compatibility
- Fix the upgrade hint
- Make upgrade more robust fix maintainance mode
- Smaller CSS fixes
- Fix internet check for proxy users
- Manually disable files_archive app to fix upgrade
- Fix touch() for local storage
- Fix versioning check to allow installation of 3rd party apps
- Fix default quota
- Several contacts fixes
- Several calendar fixes
- Fixed ampache support in media player
- Improve mail function in antivirus app
- Fix setting of user quotas
- Fix deleted files size calculation
- Fix “You do not have write permissions here” warning
- Fix asynchronous loading of users
- Fix notice from the nullbyte check
- XSS vulnerability in jPlayer (oC-SA-2013-014)
- PostgreSQL: Insecure database password generator (oC-SA-2013-015)
- Windows: Local file disclosure (oC-SA-2013-016)
MD5: http://download.owncloud.org/community/owncloud-5.0.4.tar.bz2.md5
Version 4.5.9 April 11th 2013
- Fix public sharing
- Improved LDAP error reporting
- Don’t show share action for Shared folder
- XSS vulnerability in jPlayer (oC-SA-2013-014)
- PostgreSQL: Insecure database password generator (oC-SA-2013-015)
- Windows: Local file disclosure (oC-SA-2013-016)
MD5: http://download.owncloud.org/community/owncloud-4.5.9.tar.bz2.md5
Version 4.0.14 April 11th 2013
- XSS vulnerability in jPlayer (oC-SA-2013-014)
- PostgreSQL: Insecure database password generator (oC-SA-2013-015)
- Windows: Local file disclosure (oC-SA-2013-016)
MD5: http://download.owncloud.org/community/owncloud-4.0.14.tar.bz2.md5
Version 5.0.3 April 3th 2013
- Correctly handle .part files
- Improve PostgreSQL support
- Fix database upgrading from old versions
- Improved app styles
MD5: http://download.owncloud.org/community/owncloud-5.0.3.tar.bz2.md5
Version 5.0.2 April 2th 2013
- Fix versioning string
- Fix compatibility with older MySQL versions
MD5: http://download.owncloud.org/community/owncloud-5.0.2.tar.bz2.md5
Version 5.0.1 April 2th 2013
- Fixed classnames and improved autoloaded to improve compatibility with older PHP versions
- Show a warning if an insecure PHP version is used
- Filesizes are displayed correctly
- Fixed groups in usermanagement
- Several Internet Explorer fixes
- Use display-names in more places
- Fix upgrading of cache
- Fix navigation scrollbar for lots of apps
- Fixed ETag handling to prevent wrong conflict files
- Fix public link handling
- Better indexes to improve performance
- Several Windows server fixes
- Fix renames of shared files
- Fix PostgreSQL compatibility
- Improve error reporting for app installation
- Improved compatibility with Novell eDirectory
- Several LDAP fixes
- Improved sorting in usermanagement
- Improved background jobs
- Several CardDAV contacts fixes
- Several mediaplayer fixes
- Fixes for text editor
- Several lucene search fixes
- Several smaller fixes
- Contacts: SQL Injection (oC-SA-2013-012)
- Multiple XSS vulnerabilities (oC-SA-2013-011)
MD5: http://download.owncloud.org/community/owncloud-5.0.1.tar.bz2.md5
Version 5.0.0 March 14th 2013
- New design
- Restore deleted files
- New fulltext search
- Display names
- New photo gallery
- Improved calendar and contacts
- Improved bookmarks
- New documentation system
- Improved file cache
- Improved security checks
- Security hardening in templates
- Security hardening: Implemented Content Security Policy
- Better versioning of better autoexpire
- Extended external storage
- New OCS REST API support
- Improved apps management
MD5: http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2.md5
Version 4.5.8 March 14th 2013
- Fix foldersize checks to validate zip input size
- Offer download of shared dir as zip only if zip size limit is not exceeded
- Escape more characters for LDAP search
- Fix versioning together with real home directories
- Multiple XSS vulnerabilities (oC-SA-2013-008)
- Contacts: Bypass of file blacklist (oC-SA-2013-009)
- user_migrate: Local file disclosure (oC-SA-2013-010)
MD5: http://download.owncloud.org/community/owncloud-4.5.8.tar.bz2.md5
Version 4.0.13 March 14th 2013
- Contacts: Bypass of file blacklist (oC-SA-2013-009)
- user_migrate: Local file disclosure (oC-SA-2013-010)
MD5: http://download.owncloud.org/community/owncloud-4.0.13.tar.bz2.md5
Version 4.5.7 Feb 20th 2013
- Fix for 3rd party apps dropping the database
- Fix SubAdmins management
- Fix PHP warnings
- Fix compatibility with some CIFS shares
- More robust apps management
- Remove not needed AWS tests
- Improved mime type parsing
- Several sharing fixes
- Offer the option to change the password only supported by the backend
- More robust auto language detection
- Revoke DB rights on install only if the db is newly created
- Fix rendering of database connection error page
- LDAP: update quota more often
- Multiple XSS vulnerabilities (oC-SA-2013-003)
- Multiple CSRF vulnerabilities (oC-SA-2013-004)
- PHP settings disclosure (oC-SA-2013-005)
- Multiple code executions (oC-SA-2013-006)
- Privilege escalation in the calendar application (oC-SA-2013-007)
MD5: http://mirrors.owncloud.org/releases/owncloud-4.5.7.tar.bz2.md5
Version 4.0.12 Feb 20th 2013
- Multiple XSS vulnerabilities (oC-SA-2013-003)
- Multiple CSRF vulnerabilities (oC-SA-2013-004)
- Multiple code executions (oC-SA-2013-006)
MD5: http://mirrors.owncloud.org/releases/owncloud-4.0.12.tar.bz2.md5
Version 4.5.6 Jan 22th 2013
- Improved language detection
- Improved translations
- Fix link to bugtracker
- Several IE 6/7/8 fixes
- SabreDAV updated to 1.6.6
- Improved error reporting
- Support special characters in mountpoint
- Interpret http 403 and 401 as not authorized in user_webdavauth
- Several fixes for special characters in files and folders
- Improved PostgreSQL support
- Check database names for valid characters
- Fix default email address calculation
- Remove debug output on send password page
- Add SMTP port configuration option
- Only show the max possible upload of 2GB on a 32 bit system
- Show progress during file downloads
- Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
- Security: Fix Code execution in external storage: CVE-2013-0204
- Security: Removed remoteStorage app because of unfixed security problems.
MD5: http://mirrors.owncloud.org/releases/owncloud-4.5.6.tar.bz2.md5
Version 4.0.11 Jan 22th 2013
- Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
- Security: Removed remoteStorage app because of unfixed security problems.
MD5: http://mirrors.owncloud.org/releases/owncloud-4.0.11.tar.bz2.md5
Version 4.5.5 Dec 20th 2012
- Show drag and drop shadow for Firefox
- Fix Knowledgebase under certain conditions
- Fix setting of sharing password
- Fix setting of sharing password
- Several sharing fixes
- Fixversioning during sharing
- Fix mounting of external filesystems especially CIFS
- Fix several PHP warnings
- Show /Shared as standard directory
- Fix session management for running several ownClouds on the same host
- Fix WebDAV quota enforement
- Fix CalDAV with LDAP users
- Better warning about missing dependencies
- Add warning about conflicting WebDAV auth and LDAP backend
- Restore send sharing link my email
- Fix encoding problem with mounting of CIFS filesystems
- Fix mimetype icons for new files
- Fix the folder size calculation
- Fix for deleting multiple files
- Fix for controling the data dir with LDAP
- Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
- Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
MD5: http://mirrors.owncloud.org/releases/owncloud-4.5.5.tar.bz2.md5
Version 4.0.10 Dec 20th 2012
- Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
- Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
MD5: http://mirrors.owncloud.org/releases/owncloud-4.0.10.tar.bz2.md5
Version 4.5.4 Dec 3th 2012
- Fix a regression for system where output buffering is disabled
- Fix a problem with old file versions stored in the filesystem cache
- Fix group and subadmin ajax bug
- Important LDAP fix
- Improved Updater
MD5: http://mirrors.owncloud.org/releases/owncloud-4.5.4.tar.bz2.md5
Version 4.5.3 Nov 27th 2012
- Fix the new from url button
- Fix a memory overflow with downloading of big files via WebDAV
- Better error output in case of DB problems
- Fix problems with uploading files who have special characters in the name
- Improved reverse proxy and load balancer support
- Fix wrong folder size calculation
- Improved share link generation
- Fix the syncing of the Shared folder
- Fix Sharing by link from within Shared folder
- Several LDAP integration fixes
- Fix support for PostgreSQL
- Several WebDAV fixes
- Fix drag and drop uploading
- Improved translations
- Several Gallery fixes
- Several Contacts fixes
- Smaller fixes
MD5: http://mirrors.owncloud.org/releases/owncloud-4.5.3.tar.bz2.md5
Version 4.5.2 Nov 14th 2012
- Fix syncing of shared folder
- Various sharing bugs fixed
- Fix bug with deleting users
- Fix check if resharing is allowed
- Fix webdavauth app
- Several ldap fixes
- Fix data migration
- Fix folder uploads
- Fix generatino of etags
- Fix user specific mount configuration
- Several PostgreSQL fixes
- Improved performance of file updates
- Fix some php warnings
- Fix filesize calculation
- Add visual feedback if password is set
- Various smaller fixes
- Several critical security fixes
- XSS vulnerability in user_webdavauth (oC-SA-2012-003)
- Code Execution in /lib/migrate.php (oC-SA-2012-004)
- Code Execution in /lib/filesystem.php (oC-SA-2012-005)
MD5: http://mirrors.owncloud.org/releases/owncloud-4.5.2.tar.bz2.md5
Version 4.0.9 Nov 14th 2012
- Several critical security fixes
- Multiple XSS vulnerabilities (oC-SA-2012-001)
- Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
- Code Execution in /lib/migrate.php (oC-SA-2012-004)
- Code Execution in /lib/filesystem.php (oC-SA-2012-005)
MD5: http://mirrors.owncloud.org/releases/owncloud-4.0.9.tar.bz2.md5
Version 4.5.1 Oct 24th 2012
- Fix path encoding in breadcrumb
- Fix sharing of files with special characters
- Fix upercase/lowercase probelm in usernames with WebDAV
- Fix LDAP plugin with Postgres
- Fix userID migration
- Fix sharing of mounted Files
- Delete userfiles after deleting a user
- Make Webinterface work with nonstandard path
- Fix retrieval of Quota, Email via LDAP
- Show a warning in installer if .htaccess is not working
- Fix Shared folder caching
- Increase security by using openssl random number generator
- Fix syncing of rollback files
- Fix the swift files backend
- Disallow user to delete own account
- Security: Fix multiple XSS vulnerabilities (oC-SA-2012-001)
- Security: Fix a timing attack in the “Lost Password” implementation (oC-SA-2012-002)
- Various smaller fixes
Version 4.5.0 Oct 10th 2012
- Faster Syncing
- Sub Administrators
- GUI for mounting of external storage
- Improved File Versioning
- Enhanced Sharing
- Reworked LDAP
- Big File Chunking
Version 4.0.8 Oct 10th 2012
- Show Login Button when user and password are autocompleted
- Sanitize LDAP base, user and groups
- Security: Fix for insufficiently Random Values (CVE-2008-4107)
- Security: Fixed multiple XSS vulnerabilities (CVE-2012-5056)
- Security: Fixed a HTTP header injection (CVE-2012-5057)
- Security: Fixed an Auth bypass in /lib/base.php (CVE-2012-5336)
Version 4.0.7 Aug 15th 2012
- Show Login Button when user and password are auto-completed
- Sanitize LDAP base, user and groups
- Fix non active Adressbooks
- Calendar: Remove double html encoding
- Fix label for versioning in admin settings
- Add parent directory into filecache if it doesn´t exist
- Handle non writable files correctly
- Disable webfinger completely if not activated
- Security: Disable user listings in DAV (CVE-2012-4390)
- Security: Check file blacklist for file renames (CVE-2012-4389)
- Security: CSRF fix for appconfig.php (CVE-2012-4391)
- Security: Validate cookie to prevent auth bypasses (CVE-2012-4392)
- Special thanks to Julien Cayssol for reporting several security problems
Version 4.0.6 Aug 1th 2012
- More robust LDAP integration during unexpected collisions
- Fix sharing for users with @ in username
- Additional error handling for emailing of private links
- Cleanup old session files
- Fix user space calculation
- Fix Ampache authentication
- Remove delete tipsy if file is deleted
- Don´t delete lot´s of session files during DAV requests
- Fix error when no adressbook is created
- Check if php-ldap is installed
- Security: Check for Admin user in appconfig.php (CVE-2012-4752)
- Security: Several CSRF security fixes (CVE-2012-4393)
Version 4.0.5 July 20th 2012
- Fix remember the username and autologin
- Offer an option to allow sharing outside the group.
- Fix for birthday format
- Fixes for several encoding fixes for unicode characters
- Fix invalid filesystem cache in the sharing folder
- Several calendar and contacts fixes
- Fix sending of emails
- Several fixes in the system log
- Several fixes for the external filesystem feature
- Security: Fix a reflected XSS (CVE-2012-4394)
Version 4.0.4 June 28th 2012
- Fix assigning several groups to a user.
- Fix LDAP connector with AD servers
- Conserve some memory in Contacts App
- Fix a warning in Gallery when deleting files
- Fix a bug in the music scanner
Version 4.0.3 June 23rd 2012
- Added a check if the .htaccess file is working and the data directory is protected or not.
- Added a check if a user is allowed to edit a bookmark or not.
- Fix the bookmarklet
- Fix the timezone in the datepicker
- Fix mimetype detection for cdr files
- Fix the filecache for the /Shared folder
- Fix a potential data corruption bug in the encryption app
- Don´t show other users filenames during filesystem cache rebuild
- Security: Fix several XSS bugs (CVE-2012-4395)
- Performance improvements for WebDAV and Desktop Syncing
- Fix quota calculation
- Improve the LDAP integration and group management
- Fix problems with the pdf viewer
- Fix user account migration
- Implement several CSRF security checks
- Fix a gallery bug where first picture is repeated in the last picture.
- Lot´s of calendar fixes
- Fix problem with “/” in filenames
- Updated translations
- Several fixes in Contacts
- Lot´s of fixes in the Tasks App
- Fix a bug in the filesystem cache with ghost entries
Version 4.0.2 June 11th 2012
- Lot’s of gallery fixes
- More 3rd party apps visible
- Fixed update notifications
- Several calendar fixes
- Several XSS fixes in calendar (CVE-2012-4396)
- Several improvements in contacts
- Fix infinite redirect during setup for windows hosts
- Several XSS fixes in contacts (CVE-2012-4396)
- New user password salting
- Several LDAP fixes
- Fix duplicate emails in sharing
- Improved compatibility with Android browser
- Fixed calendar links
- Fixed logging
- Allow “/” in filenames
- Updated translations
- Fixed reverse proxy and custom hosts configuration
- Fix contact photo editing
- Don’t allow renaming, deleting and resharing of shared folder
Version 4.0.1 June 4th 2012
- Verify if user exists when loggin (oc-863)
- More efficient log file handling
- PDO requirement check
- Check if apps folder is writable
- prevent division by zero problem during output of free space
- better mysql error message
- correctly configure ldap group backend (oc-887)
- sort users and groups (oc-779)
- LDAP. correctly handle group filter (oc-867)
- try to switch magic quotes of globally
- fix ategory error reporting (oc-874)
- correctly handle reverse proxy / load balancer https handling
- prevent session already started warning
- fix the files breadcrumb
- don’t try to use smtp auth if config files says no
- fix versioning path
- security: fix a XSS problem in calendar
- make LDAP pqsql compatible
- fix pqsql database migration
- fix ldap config interface
- support for LDAP “member”
- don’t hardcode /tmp
- fix potential security problem for requested apps parameter
- fix notes in contacts properly
- fix timezone detection
- fix interti_id in calendar
- set DB prefix for pqsql
- security: fix a XSS problem in contacts
- correctly encode caldav link
- allow longer path in gallery
- disable not compatible apps during upgrade
- fix HEAD request for downloads
- fix private link sharing via email
- use UTC as default timezone
- style fixes for tasks app
Version 4.0.0 May 22nd 2012
- File Encryption
- File Versioning
- Mounting of external Filesystems (experimental)
- TODOs App
- Drag & Drop File Uploading
- Shared Calendars
- Calendar categories
- Hugely improved contacts app including groups
- Improved WebDAV, CalDAV, CardDAV compatibility
- Movable Apps
- Improved External App
- Improved Sharing of Files
- Overall Performance Improvements
- System/User Exporting/Importing
- User/Groups support via LDAP/AD
- Viewer for ODF Files
- Improved Photo Gallery
- Improved installation of 3rd Party Apps
- Logging via syslog
- New public API for App developers
- Lots of bug fixes, smaller enhancements and UX improvements.
Version 3.0.3 April 27th 2012
- Security: Several CSRF fixes
- Security: .htaccess uploading blacklist
- Backport link in the Help center to the online documentatio
- Backport link in the Help center to the “Big Files” howto
- Check if JSon module is installed
- Check if GD module is installed
Version 3.0.2 April 11th 2012
- Drag and Drop fixed
- Fixed Sharing for LDAP Users
- Fix loading of LDAP Plugin
- Security: Make password hashes more random
- Security: Fix a XXS problem
- Multiple bugfixes
Version 3.0.1 April 3rd 2012
- Fixes for big file uploads
- Performance improvements for WebDAV
- IE8 fixes
- Several small bugfixes
Version 3.0 January 31st 2012, Release Announcement
- Text editor
- Improved photo gallery
- Improved calendar view
- PDF viewer