Server

To download older versions please visit see downloads archive page.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

Unreleased

Added

  • Allow loading JSON files in setups with pretty URLs - #32835
  • Support global CORS domains for public pages - #33139
  • New tag scope "static tags", editable but not assignable - #33420
  • Added "getBucket" method to HomeObjectStore to fix S3 issue - #33513
  • Pass an additional parameter on the core update - #33641
  • Added short list argument to occ files_external:list - #33684
  • Public JS utility function for email validation - #33699
  • Introduce persistent and explicit locking of file and folders - #33266
  • Federated sharing new spec OCM 1.0-proposal1 - #33027

Changed

  • Set shipped apps max version to 10 in preparation for Semver switch - #33496
  • If only the patch level of an app's version changes no migrations will run - #33218
  • User/group deletion in users page now has a confirmation dialog - #33626
  • Disable browser autocomplete for password fields - #32590
  • Minor and patch updates of dependencies as at 20181126 - #33683
  • Bump punic 3.1.0 => 3.2.0 - #33462
  • Bump phpseclib/phpseclib from 2.0.11 to 2.0.12 - #33433
  • Bump symfony 3.4.15 to 3.4.19 - #33001 #33460 #33667
  • Bump symfony/polyfill components v1.9.0 => v1.10.0 - #33377
  • Bump symfony/translation from 3.4.17 to 3.4.18 - #33429
  • Bump jakub-onderka/php-console-highlighter from 0.3.2 to 0.4 - #32944
  • Bump handlebars from 4.0.11 to 4.0.12 in /build - #32661
  • Bump sinon from 6.2.0 to 7.1.1 - #32825 #33073 #33306 #33373
  • Bump karma from 3.0.0 to 3.1.3 in /build - #33256 #33343 #33737
  • Bump league/flysystem from 1.0.46 to 1.0.48 - #33199
  • Bump composer/xdebug-handler to 1.3.0 - #32977
  • Bump sabre/dav from 3.2.2 to 3.2.3 - #33276
  • Bump friendsofphp/php-cs-fixer (v2.13.0 => v2.13.1) - #33290
  • Bump hoek from 4.2.0 to 4.2.1 in /build - #33574
  • Bump stringstream from 0.0.5 to 0.0.6 in /build - #33755
  • Update moment JS to 2.22.2 - #33650

Removed

  • Deprecate Sharing 1.0 APIs which will be removed in ownCloud 11 - #33220

Fixed

  • Fix system tags object mapper for Oracle - #33772
  • Adjust last login time when using auth modules - #33752
  • Disable share autocomplete endpoint for members of groups excluded from sharing - #33736
  • Fix issues with expiration date validation in public link dialog - #33735
  • List compatible apps instead of missing ones in occ upgrade process - #33730
  • Add background job to clean up orphaned DAV properties - #33722
  • Fix paginated iteration when syncing users - #33698
  • Cannot set 0 as value for config through OCC command - #33643
  • Fix for some upgrade path that led to DAV tables missing bigint conversion - #33603
  • Fix checksum verify command verbose mode and path argument handling - #33610
  • Fix form to enter initial password to properly display error message - #33453
  • File cache corruption check now only reports storage id once - #33539
  • Fix escaping of public share names - #33419
  • Update config.sample.php to fix a broken link - #33518
  • Add "uid" argument to Symfony login events for consistency - #33470
  • Prevent deletion of calendar group shares during cleanup - #33394
  • Fix upload avatar for LDAP users - #33369
  • Fix double escaping in email subject - #33342
  • Add missing type hints in code - #33314
  • Increase versions list performance by ignoring shared storages - #33291
  • Fix PROPFIND with Depth infinity requests through Sabre update - #28341
  • Adjust "has never logged in" text in occ command - #33275
  • Don't remove temporary file on failure when creating office file preview - #33234
  • Warning log about oc_readonly storage wrapper is now logged in debug level - #33212
  • Fix occ encrypt-all command to not attempt re-encrypting already encrypted files - #33206
  • Register areCredentialsValid as a sensitive logging method - #32713
  • Deletion of user now also updates storages applicable fields - #32906
  • Blacklist the method "setPassword" in stack traces - #33176
  • Fix wording in occ command help - #33179
  • Fix preLogin hook parameter inconsistencies - #33185

10.0.10 - 2018-09-18

Added

  • Store user name in oc_preferences when provided by backend, use in external storage save in session mode #32587
  • Support JSON format for settings passed to occ system:config:set - #32524
  • occ decrypt-all command can now read password from an environment variable - #32252 #32677
  • Roave Security Advisories as a development dependency - #31818
  • Store timestamp when ownCloud was first installed - #32000
  • Symfony events for login action with token or Apache - #31985
  • Search API for files using Webdav REPORT and underlying search provider - #31946 #32328 #32603
  • Add information whether user can share to capabilities API - #31824
  • Reload the filelist view when accepting or rejecting a share - #31798
  • Allow different language in public link share email - #31767
  • Command files:scan now outputs items per second - #32093
  • New option to prevent users to share with specific system groups - #31740 #32533 #32501 #32707
  • Hook "loadAdditionalScripts" now also available for public link page - #31944
  • Add url parameter to files app which opens a specific sidebar tab - #32202
  • Retry chunks in web UI on stalled or timed out uploads - #32170 #32335
  • Add log entry for each migration that is run - #32461
  • Ability to create users and send them an email for password creation - #32466
  • Command for resetting password now supports sending reset email and outputting link - #32500
  • Added Phan static code analyzer to improve code quality - #32492
  • Added method in PHP share API to set password hashes directly - #32572
  • Experimental support for asynchronous MOVE operations - #32414
  • Config report now contains list of all migrations that have run, for easier debugging of update issues - configreport/#68

Changed

  • Update CA bundle - 2018-06-20 - #32688
  • Minimum desktop client version is 2.3.3 - #32657
  • Handle SSL certificate verifications for others than Let's Encrypt - #31858
  • Insufficient storage exception now logged with "debug" log level - #31978
  • Skip filecache repair step for version greater than 10.0.4 - #31803
  • Bump sinon from 2.4.1 to 6.2.0 in /build - #32319 #32662
  • Bump karma from 2.0.2 to 3.0.0 in /build - #31892 #32197 #32317
  • Bump behat/behat from 3.4.3 to 3.5.0 - #32318
  • Bump paragonie/random_compat v2.0.15 to v2.0.17 - #32107
  • Bump symfony/event-dispatcher from 3.4.12 to 3.4.13 - #32199
  • Bump symfony/console from 3.4.12 to 3.4.13 - #32140
  • Bump symfony/routing from 3.4.12 to 3.4.13 - #32137
  • Bump symfony/process from 3.4.12 to 3.4.13 - #32135
  • Bump symfony/translation from 3.4.12 to 3.4.13 - #32198
  • Bump symfony polyfill 1.8.0 to 1.9.0 - #32255
  • Bump swiftmailer/swiftmailer from 5.4.9 to 5.4.10 - #32200
  • Minor dependency bumps 2018-08-26 - #32439
  • Bump symfony 3.4.11 to 3.4.12 - #31912
  • Bump symfony 3.4.15 and zend-stdlib 3.2.1 - #32499
  • Allow slashes in generated resource routes in app framework - #31939
  • Email field is now default in user management page, users receive an email with token to set initial password - #32466 #32648 #32636 #32672 #32672 #32685 #32690
  • Split of config.sample.php into two files for core and apps - #32554 #32634

Removed

Fixed

  • Fix PHP 7.2 issue with ini_set - #32538
  • Prevent logging LDAP password in case of failure - #32592
  • Prevent passwords to be set to empty strings - #32581
  • Fix update issue related to oc_jobs when automatically enabling market app to assist for update in OC 10 - #32573
  • Trigger missing migrations in files_sharing app, adds indices and can speed up some instances - #32562
  • Fix issue with spam filters when sending public link emails - #32542
  • Fix version previews to fall back to icon when no preview provider is available - #32474
  • Fix master key recreation - #32504
  • Return correct status when IMip email delivery fails - #32489
  • Fix typos in config.sample.php - #32496
  • Don't check for avatar folder if not enabled - #32490
  • Add missing ILogger declaration in MigrationService - #32473 #32475
  • Fix JS tests for future Sinon JS update - #32488
  • Command to verify checksums is now more robust - #32360
  • Fix not allowed to share message - #32429
  • Update php doc to reflect proper return type - #32427
  • Catch more errors in SMB storage - #32416
  • Don't crash on filescan where folder has symlink - #32408
  • Fix issue with some special characters in queries - #32412
  • Use the core exception logger functionality in cron.php - #32404
  • Compare UIDs instead of objects when changing displayname - #32409
  • Compare UIDs instead of objects when changing email address - #32391
  • Improve performance when propagating size updates in file cache - #32304
  • Prevent current chunk assembly failing by setting the exclusive file lock earlier - #32334
  • Don't strip linebreaks in personal note of public link share - #32331
  • Let files be overwritten by rename operations on local storage instead of pre-deleting - #32273
  • Continue with upgrade even if the market app cannot be disabled - #32324
  • Versions app now works also when comments app is disabled - #32208
  • Fix two factor challenge page for when password has expired - #32058
  • Scanner now properly resets checksum whenever a file has changed remotely - #32284
  • Fix checksums not being updated on modifying shared file for objectstore - #32364
  • Accept email addresses with subdomains with hyphens for public link emails - #32281
  • Properly set installed_version flag when enabling app via provisioning api - #32214
  • Fix API response of pending shares when the state did not change - #32156
  • Read mtime from both JS properties in web UI upload for browser compatibility - #32013
  • Fix warning in logs while moving FutureFile after chunk assembly - #32166
  • Allow null in "Origin" header for third party clients that send it with WebDAV - #32189
  • Fix calendar or reminder insertion error via CalDAV on MacOS - #32024
  • Properly log failed message when token based authentication is enforced - #31948
  • Prevent share access to birthday calendar - #31882
  • Added space in display names of shared calendar/contact - #31877
  • Deleting a user now also properly deletes their external storages and storage assignations - #32069
  • Improve text about logging in config.sample.php - #32049
  • Use OC_DEFAULT_MODULE constant for encryption in core - #31838
  • Unset encrypted flag in file cache when running decrypt-all command - #32027
  • Fix decrypt of single user in decrypt-all command - #32168
  • Fix login exception in decrypt-all command - #31986
  • Properly clean up encryption keys after file deletion - #31959
  • Remove sensitive shared_secret data from occ config:list output - #31997
  • Fix file cache update function to properly handle empty string and nulls with Oracle - #31996
  • Fix bogus etag update when propagating etag for federated shares - #31992
  • Display all failed recipients when sending link share email - #31935 #32633
  • Lock public link share dialog while processing - #31928
  • AppManager text typo and PHPdoc return tags - #31918
  • Optimize file uploads with PUT method, with custom mtime, use storage instead of view - #31891
  • Optimize file uploads with PUT, don't fetch and update checksum again, reuse the one from part file - #31768
  • Do not throw an error when the same theme is enabled twice - #31783
  • Fix repair step that removes duplicate sub shares - #31146
  • Adjust code to follow coding standard - #32116
  • Fix overriding for gif images in themes for CLI scripts - #32131
  • Fix wording on password change page - #32146
  • Fixed mount config in frontend to only load once to avoid side effects - #32095
  • Don't urlencode group id to make it work with "/" and "%" - #31109

10.0.9 - 2018-07-17

Added

  • Added account module middleware to be able to plug in logic after authentication - #31883 #31933
  • occ user:list now takes a list of attributes to display - #31115
  • Added Symfony events for user preference changes - #31266
  • Added Symfony events for public links shared by email - #31632
  • Added Symfony events for accept and reject for local shares - #31702
  • Added support for Imprint and Privacy Policy URLs in web UI and email footers - #31666 #31699 #31730 #31766
  • Added HTML template for lost password email - #31144
  • Received local shares can now trigger a notification to accept or reject them, also visible in "Shared with you" section - #31613 #31886
  • Rejected shares can now be accepted again in the "Shared with you" section - #31613
  • Provide original exception via logging events - #31623
  • Share autocomplete now displays useful tooltip when typing less characters - #31729
  • Added public Webdav API for versions using a new "meta" DAV endpoint - #31729 #29637 #31805 #31801
  • Added support for retrieving file previews using Webdav endpoint - #29319 #30192 #31748 #31788 #31862 #31865
  • Added versioning support for primary object store - #29607 #31285 #31595

Changed

  • Updated ca-bundle.crt - #31734
  • Bump symfony to 3.4.8 and other pending minor bumps - #31221
  • Bump karma from 2.0.0 to 2.0.2 in /build - #31253
  • Bump karma-jasmine from 1.1.1 to 1.1.2 in /build - #31378
  • Bump karma-coverage from 1.1.1 to 1.1.2 in /build - #31380
  • Bump zendframework/zend-inputfilter from 2.8.1 to 2.8.2 - #31431
  • Bump icewind/smb from 1.1.0 to 3.0.0 in /apps/files_external/3rdparty - #31521
  • Bump symfony 3.4.9 to 3.4.11 - #31571
  • Update jsdoc requirement to ~3.5.5 - #30036
  • Removed example theme which now lives in the theme-example repository - #31447
  • A user who is a member of multiple groups is now excluded from sharing if at least one of their group is configured for exclusion - #31737 #31822
  • Changed back default minimum search characters to 2 for share autocomplete due to confusion - #31729
  • Files app UI now uses new versions API through the "meta" DAV endpoint - #29607

Removed

  • Removed old private ajax API for previews, deprecated by DAV endpoint support - #30254
  • Bookmarks certificate was removed - #31878

Fixed

  • Adjustments for the notifications messages of the sharing apps - #31947
  • Disable jquery globalEval - #31972
  • Work around Edge browser memory leak in web UI chunked upload - #31884
  • Don't fail if ISqlMigration doesn't return anything - #31779
  • Fixed restoring of versions for single file shares - #31681
  • Group admins are not able to create groups any more using provisioning API - #31738
  • Fix Oracle for queries using ILIKE operator - #31466
  • Improve user-sync command help description - #31691
  • Fix deletion and restoration of files in trashbin in some partial selection scenarios - #31700
  • Do not load the code of disabled theme apps - #31478
  • Fix encrypt-all and decrypt-all commands to keep shares when encrypting - #31600 #31590
  • Proceed with encrypt-all command by enabling user-keys if no mode is selected by user - #31612
  • Validate maximum length of a username - #31664
  • Save timezone as given during login - #31493
  • Fix checksum computation to not apply on read-write streams to avoid potential mismatch results - #31619
  • Exclude uploads directory from read-only cache mask, fixes guest app chunked uploads - #31596
  • Properly normalize paths for event, no &$magic needed - #31689
  • Use the correct user id in login related Symfony events - #31605
  • Fix public link dialog issue when collaborative tags app is disabled - #31581
  • Fix updating public link share in transfer ownership command - #31176 #31953
  • Do not set the password again if it hasn't changed - #31370
  • Use correct l10n to translate 'password was changed' email - #31553
  • Improve text in settings/personal App Password - #31539
  • Fix default language code example - #31448
  • Fix double slash in versioning file copy events - #31452
  • Split public password enforced capabilities based on a config - #31499
  • Fix bogus exceptions related to missing DAV nodes after deletion - #31479
  • Fix enabling of users by group admins in the web UI - #31489
  • Fix AccountMapper to return an object or throw an exception - #31445
  • Proper handling of exceptions in UserManager - #31446
  • Properly cache non-existing user in UserManager - #31446
  • Update verify checksums console output to flow more naturally - #31449
  • Subadmin shouldn't be able to add users to their groups via API - #31337
  • Catch duplicate inserts in token table - #31460 #31794 #32041
  • Fix overflowing public share names in the share panel - #31369
  • Fix occ user:sync to sync quota from preferences after upgrade if backend provided no quota - #31360
  • Fix for Redis dev editions - #31282
  • Fix mail debug message recipient field - #31227
  • Prevent infinite loop in case of error in "log" event handler - #31247
  • Fix HTTP status code when uploading virus-infected files - #31260
  • Add back robots.txt in the release - #31248

10.0.8 - 2018-04-27

Added

  • Added option for user:sync to reenable formerly disabled users - #31124
  • Ability to log extra JSON fields - #31121
  • Trigger event when logging - #31121
  • Added command to verify and fix checksums - #31008
  • Introduce seen and single user sync command line features - #31025 #31032
  • Added config setting to specify minimum characters for sharing autocomplete - #30994 #31067 #31160
  • Added personal note field for link share email - #30486 #30571 #30813 #31057 #31201 #31212
  • Add conditional Logging target logfile for shared_secret and users - #30443
  • Add option to disable link share password enforcement for write-only shares - #30408 #30774 #30787
  • Add Webdav-Location header in private link redirect - #30387 #30595
  • Make syslog output configurable, introduce new default that includes the request id - #30346
  • Added "uid" parameter to "validatePassword" events - #30334
  • Added new API event for zip file download - #30067
  • Added new API event for public link creation - #30067
  • Added log entry when the "data-fingerprint" command was run - #30281
  • Added "heic" and "heif" as image mime types for thumbnails - #30108
  • Added new API events for commenting actions - #30142
  • Added "register notifier" event for use with the notification emails feature - #30613
  • Added group option to files:scan command - #30615
  • Added warning if no files to process in occ files:transfer-ownership command - #30612
  • Added user:modify command to core - #30652
  • Added config switch to enable fallback to http scheme when creating fed shares - #30646 #31196
  • Added repair step for orphaned sub-shares - #30695
  • Added repair step to fix orphaned reshares - #31004
  • Added Symfony events for configuration changes (config.php and appconfig) - #30788 #30937 #31107
  • Added Symfony event to let apps resolve private links - #30911
  • Added Symfony events for delete and create share - #31026
  • Added Symfony events for updating share attributes (expiration, password, name) - #31120
  • Added Symfony events for group membership events - #31003
  • Added Symfony events for feature change in group admin - #31132
  • Added config.php option to select apps to ignore missing signature file (mostly for themes) - #30891 #31066
  • Added ability for full-page frontend-only apps in info.xml - #30918
  • More user-friendly email address input and handling in link share dialog - #30945 #31142

Changed

  • Set minimum php version to 5.6 in composer.json - #31100
  • Bump PHP to 5.6.33 in composer - #30403
  • Bump phpseclib/phpseclib from 2.0.3 to 2.0.10 - #30052 #30537
  • Bump phpunit and symfony/translation to match master - #30410
  • Bump guzzlehttp/guzzle from 5.3.1 to 5.3.2 - #30217
  • Bump lukasreschke/id3parser from 0.0.1 to 0.0.3 - #30085
  • Bump symfony to 3.4.5 - #30689
  • Bump symfony/translation from 3.2.4 to 3.3.16 - #30380
  • Bump latest symfony and sabre/vobject point versions - #30266
  • Bump karma from 1.5.0 to 2.0.0 in /build - #30050
  • Bump punic/punic from 1.6.5 to 3.1.0 - #30550
  • Bump symfony to 3.4.6 and Sabre vobject to 4.1.5 - #30768
  • Bump sabre/http from 4.2.3 to v4.2.4 - #30599
  • Bump jakub-onderka/php-parallel-lint from 0.9.2 to 1.0.0 - #30626
  • Bump behat/mink-extension from 2.3.0 to 2.3.1 - #30706
  • Bump league/flysystem from 1.0.42 to 1.0.43 - #30704
  • Update composer in stable10 with versions as at 2018-02-07 - #30390
  • Renamed SMB logging config.php settings from "wnd" to "smb" - #30244
  • Improved error messages in user:delete command - #30164
  • Validate email address in mail settings section - #30315
  • Only decrypt users who have already logged in with decrypt-all occ command - #30640
  • Replace usage of "create_function" in PHP - #30714
  • Provisioning API can now properly set default or zero quota - #30755
  • User quota setting can be queried through provisioning API - #30850

Removed

  • Removed private oc_current_user Javascript variable - #30486 #30556
  • Remove app store config values from config.sample.php - #30422
  • Remove documentation of the theme option in config.sample.php - #30350
  • Remove unused config.sample.php parameters - #30933 #30812
  • Remove "Unlimited" word from quota report in personal page - #31041

Fixes

  • Prevent background scan to scan homes of users who never logged in - #31189
  • Properly align three button dialogs - #31147
  • Many documentation improvements in config.sample.php - #31114 #31127 #31128 #31068 #31173 #31182
  • Fix some documentation paths in config.sample.php - #30431
  • Fix App Framework ApiContoller initialization to fix thumbnail access - #31104 #31183
  • Check apache auth on login form - #31074
  • Check basic auth credentials periodically after a timeout instead of … - #31076
  • Email autocomplete in link share dialog will not return local/federated users any more, only contacts - #30998
  • Fix settings page where elements are inline when they shouldn't - #30988
  • Do not log errors when uploading forbidden file format - #30991
  • Fix upload issue by replacing emittingCall with separate before and after events - #30986
  • Fix Symfony event emittingCall by adding return - #31045
  • Properly trigger file-related Symfony events when chunking - #31087
  • Remove unsupported "enable for groups" field for theme apps - #30948
  • Added OneNote 2016 user agent string to make it work with Webdav - #30965
  • Refactored metadata sync code to unify behavior across all login methods - #30638
  • Mask "marketplace.key" in config list as it is sensitive - #30917
  • Polish totp middleware a little - #30849
  • Set empty authtoken names to 'none' as empty is not allowed any more - #30908
  • Fix CORS OPTIONS request for unauthenticated requests - #30912
  • Treat any unknown app version as 0.0.1 - #30890
  • Ignore multiple slashes in http path - #30854
  • Initialize root folder service later to fix user backend registration order issue - #30810
  • Remove implicit login in base.php to remove bogus "Login failed" logs - #30814
  • Use storage specific move operation for object store - #30817
  • Fix webUI display of group containing numeric username - #30811
  • Fix calendar changes limit - #30816
  • Properly use error exit code for unsupported PHP version - #30780
  • Unbrand Personal security sessions message - #30754
  • Propagate move exception messages to the frontend - #30791
  • Fix chunk size comparison for big values on 32-bit systems - #30772
  • Make error origin more distinguishable in some filesystem code paths - #30682
  • Don't send emails when importing calendar/events - #30666
  • Adding a system configuration for global CORS domains - #30906
  • Better label for CORS in settings section - #30663
  • Allow regular users to change their CORS domains - #30649
  • Catch session unavailable exception - #30347 #30623
  • Proper HTTP status code on login exception - #30639
  • Fix file mtime issue on 32-bit systems - #30546
  • Fixing logout for app password scenario - #30591
  • Fix wording if you are not a member of any groups - #30558
  • Fix for error when querying non present log_secret - #30470
  • Properly create a session for a pure token based request, fixed oauth2 issues - #30542
  • Free resources in preview providers - #30533
  • Continue in case of rare error in files:scan repair command - #30494 #30618 #30959
  • Make theming work when theme app is outside the ownCloud root - #30477
  • Don't try decrypting federated shares in decrypt-all command - #30155
  • Keep null in getMetaData in Checksum storage wrapper, fixes some files:scan scenarios - #30302
  • Modals dialogs can now scroll, improves link share dialog UX - #30424
  • Adjust link share wording and fix translations - #31036
  • Fix failure of shares which are already moved with transfer ownership - #30161
  • Return 403 instead of 503 to resume syncing of desktop client - #30353
  • Guide users to also check spelling for typos in federated share id - #30355
  • Fixed issue with number of hidden files not updating on renaming a file - #30359
  • Fix deleted items auto expiration for users with no quota - #30163
  • Fix validation for new encryption storage key location - #30357
  • Fix some CSRF issues on Webdav endpoint by only checking for POST method - #30358
  • Prevent share icon from shrinking with long texts - #31163
  • Fixed regression where a user could not set own email address in the settings page - #30319
  • Fix caldav and carddav syncing when dealing with lots of data - #30252
  • Don't restrain width of icon-logo - #30282
  • Check trashbin permissions before moving to trash, fixes deletion as guest user - #30240
  • Handle no read access to skeleton - #30241
  • Fix file name escaping in error messages in web UI related to file operations - #30193
  • Proper error message when trying to add user to a group they are already member of in web UI - #30194
  • Show new basename and extension while waiting for rename operation to finish in web UI - #30040
  • Fix app author parsing in apps page - #30043
  • Validate system path data used in findBinaryPath - #30061
  • Fix deletion of group with special characters in web UI - #30111
  • Fix missing preview in file upload conflict window - #30125
  • Fix files endpoint bug when downloading vCard - #30149
  • Properly filter link share email parameters - #30165
  • Filter sender display name in mail notification handler - #31056
  • Filter file name when sending internal mail - #31046
  • Convert null to empty string for Oracle in file cache accessor - #30224
  • Use LargeFileHelper to calculate log file size - fixes #30227 - #30234

10.0.7 - 2018-01-19

Fixed

  • Fix various issues about null user errors - #30450
  • Solve OAuth token expiry issue - #30481
  • Fixed issues related to app passwords and account lock-outs - #30363

10.0.6 - 2018-01-29

Fixed

  • Fix missing build dependency for L18N - #30265

10.0.5 - 2018-01-23

Added

  • Add php-intl as hard requirement - #29539
  • Optionally show server hostname in status.php - #29471
  • Add link for logfiles docs in exception page and simplify text - #29674
  • Link to trusted domains docs in error message - #29730
  • Add indices on share table - #29883 #29592
  • Add dispatcher event for "unshare from self" action - #29851
  • Technology preview for PHP 7.2 support - #29878
  • Added public hooks for file operations using Symfony Event Dispatcher - #29939
  • Expose getAppPath() and getAppWebPath() on the AppManager service #30041 #30150
  • Add warning in settings page when running in debug mode - #29936

Changed

  • Switch Webdav URL in field in navigation panel to the new endpoint - #29766
  • Require a minimum of 1 character for the application password name - #29831
  • Only allow a single active theme app with no magic fallbacks to inactive app themes - #29854
  • Config report now hides email address from email config - #29949
  • Change "remote" to "federated" suffix in sharing autocomplete dialog. - #30046 #30171

Removed

Fixed

  • Fix Dropbox / GDrive oauth handshake handling - #30071
  • Redisplay login page on CSRF error - #30035
  • Do not reset display name to uid on sso login - #30038
  • Do not automatically disable apps of certain types - #29870
  • Fix provisioning API when dealing with group name "0" - #30004
  • Tweak occ command help output - #29959
  • Now using upsert instead of insertIfNotExists for file cache updates, fixes concurrency issues - #29934
  • Only set CORS headers on Webdav endpoint when Origin header is specified - #29874
  • Ignore broken/dead symlinks on filescan - #28959
  • Improve performance by caching non-existing accounts - #29866
  • Fix template location order by searching the enabled theme app first - #29867
  • Actually log message instead of {$message} - #29844
  • Improved performance on new DAV endpoint by skipping querying parent nodes - #29834
  • Adjust error message about PHP compatibility to say PHP X.X like previous line. - #29828
  • Raise more useful message when constructor are not resolvable - #29760
  • Fix wording for versions expiration occ command - #29671
  • Handle invalid or missing external storage backend to keep mount point visible - #29562
  • Fix integrity check when owncloud is not installed - #29692
  • Fix issues about unsharing with some scenarios after moving the share - #29716
  • Allow group 0 to be created by provisioning API - #29734
  • Do not reset quota if it was not provided - #29673
  • Improve quota value validation - check size only if size key is set - #29743
  • Code cleanup - #29799

10.0.4 - 2017-12-06

Added

  • Added support for eml mimetype - #29204
  • Added "occ dav:cleanup-chunks" command to clean up expired uploads - #29180
  • Added "occ files:scan" repair mode to repair mismatch filecache paths - #29074 #29232
  • Added occ command to change/recreate master-key - #29260 #29735
  • Detailed mode for "occ security:routes" - #29095
  • Webdav property to retrieve a private link to files or folders - #29041
  • CORS support for public API routes - #28852 #29741 #29749
  • More "files_sharing" capabilities entries - #29040
  • Display server name in admin page, don't show in status.php - #28938
  • Validate public link mail on the client side - #29042
  • Expose XHR response in share dialog autocomplete callback for extensions - #29231
  • Let apps provide icons for settings sections - #29358
  • Added cancellable prehooks for logout operation - #29352
  • Markdown support for app descriptions in apps settings panel - #29333
  • Add option to allow user to share only with the groups they belong to - #29391
  • Cacheable storage adapter for use by Flysystem based external storage backends - #29414
  • Add user additional info field for share autocomplete - #29457
  • Add dispatcher event for remote fed shares - #29482
  • Adding mode of operations - either single-instance or clus… - #29492
  • Added support for MariaDB 10.2.7+ - #29240
  • Admins can now exclude files from integrity check in config.php - #29460
  • Use X-Request-ID header as request id if provided by client, useful for logging - #29434
  • Added authentication headers verification to validate the session - #29525
  • Added IServiceLoader on server container to load app service classes from XML tags in info.xml - #29525
  • Trigger events for federated shares - #29566

Changed

  • Exclude mimetypelist.js from integrity check - #29048 #29316
  • Refactor set and reset of capabilities - #29200
  • All amazon locations support v4 now - v3 deprecated - #29153
  • Modified time value of files is now 64 bits long - #28961
  • User names must now be at least 3 characters long - #29237
  • AccountMapper get by email is now case insensitive - #29341
  • Remove deprecated federated share API warning as it needlessly pollutes logs - #29364
  • Improve UI for public link sharing permissions for folders - #29413
  • Replace notify user for local shares with button - #29463
  • Log out current user after submitting form in password reset page - #29464
  • Update minimum supported browser versions - #29507
  • Admins can now change display name even when its modification is disallowed for regular users - #29442

Removed

  • Remove AvatarPermissions repair step - #29202
  • Remove unused FTP code - #29186
  • Remove app store related code obsoleted by market app - #29249
  • Remove a route to removed script - #29553

Fixed

  • Corrected namespace for OCMemcacheArrayCache which caused errors on some environments - #29219
  • External storage Javascript code from apps is now loaded correctly (fixes Dropbox app and others) - #29225
  • Use product name from theme - #29251
  • Make sure the external storage folder name is editable when returning from OAuth authorization - #29253
  • Fix duplicate external storage config that appear sometimes when returning from OAuth authorization - #29254
  • Log exceptions in decrypt-all command - #29248
  • SFTP key pair mode now works again - #29156
  • Use correct class namespace for ownCloud ext storage - #28935
  • Fix generated zip file to avoid errors with some zip tools - #29149
  • Fix position of dialog boxes - #29133 #29467
  • Move 64bit mtime migration from dav to core - #29121
  • Allow 0 byte quota to be entered on UI - #29113
  • Don't display warning about limited commands when running maintenance:install - #28968
  • Handle no user session in isSharingDisabledForUser() - #28915
  • Fix icon format for federated cloud sharing - #28972
  • Fix for decrypting user specific keys - #29189
  • Remove alternate keys storage during user delete - #29155
  • Fix error logs due to deletion of keys - #28934
  • Fix encryption panel to properly detect current mode after upgrade to ownCloud 10 - #29049
  • Fix quota check when uploading to federated shares - #29325 #29424
  • Fix issue when mounting another encrypted ownCloud - #29360
  • AccountMapper get by email is now case insensitive - #29341
  • Fix order of apps to be deterministic during install process - #29267
  • Only initiate connection to federated share when necessary - #29314
  • Allow group named "0" to be deleted - #29323
  • Do not translate CORS header in settings page - #29313
  • Disable background scan for home storage/cache - #29306
  • Fixed double escaping in full page error messages - #29304
  • Updated davclient.js which fixes issue whenever an app extends Array prototype - #29305
  • Fix OCS apps API to correctly include attributes into generated XML - #29303
  • Make enum type mapping work with migrations - #29268
  • Handle invalid storage when getting storage root id - #29278
  • Fix storing/retrieval for dav properties of non files - #29273
  • Remove double quotes from boolean values in status.php output - #29271
  • Tidy code in DAV related classes - #29272
  • Fix the missing argument to DecryptAll - #29371
  • Skip copying skeleton files if skeleton dir is not accessible - #29379
  • Use chunked DB query when preloading directory content for DAV properties - #29416
  • Fix failure when checking integrity signature for non-existing files - #29433
  • Prevent uploading of part files through WebDav - #29432
  • Only trigger "changeUser" event if account object really changed - #29429
  • Only load app type once in app manager classes - #29428
  • Use efficient startsWith implementation in server container - #29427
  • Fix race condition in browser when uploading folder tree - #29435
  • Disable nginx buffering for file downloads to avoid huge memory usage in some scenarios - #29403
  • Fix many issues related to session removal - #28879
  • Fix SMB to better detect when overwriting through rename - #29564
  • Fix files scan repair in bulk warning - #29631
  • Fix federated share import from public link - #29677
  • Fix status.php to properly display product name - #29728
  • Sort allowed storages checkbox list - #29746

10.0.3 - 2017-09-15

Added

  • It is now possible to upgrade from 8.2.11 directly to 10 - #28655 #28673
  • Added extra check in case of missing home storage - #28504
  • Added Shield and Workflow icons - #28588
  • Enable chunking for big files in web UI when logged in - #28547
  • Added emitting of hook "post_unshareFromSelf" to Share 2.0 - #28413
  • Added occ user:inactive command to list inactive users - #28294
  • Added internal setting for the periodic credentials validity check - #28298
  • Added jquery events for external storage settings UI when using OAuth - #28210
  • Added public IThemeService which allows apps like the template editor to interact with the current theme - #28647 #28926
  • Added "passwordEnabled" field to hook data of link shares - #28827
  • Add new option to disable sharing in every user-mounted external storages - #28706
  • Added default user and group share permissions - #28903
  • Added occ command to list routes - #28907
  • Added mime types for m3u, m3u8, pls mappings to audio streams - #28885

Changed

  • Transfer ownership now works with master key encryption - #28537 #28845
  • Reenable medial search by default - #28064
  • The LoginController now emits "failedLogin" hook signal after a failed login - #28631
  • All columns that use the fileid have been changed to bigint (64-bits) - #28581
  • Added search pattern for the occ app:list command - #28653
  • Allow phpredis develop branch - #28717
  • Default minimum desktop version in config.php is now 2.2.4 - #28540
  • Reallow negative mtimes by default in storage implementations - #28697

Deprecated

Removed

  • Removed "themes" folder - #28617 #28999
  • Removed unused Windows checks - #28612
  • Removed "appstoreenabled" from config.php - #28714
  • Slash in filename when renaming is not allowed any more in the frontend (unintended "feature") - #28490
  • Using old chunking protocol on new DAV endpoint is now disallowed - #28637

Fixed

Platform

  • Fix issue with folder sizes on 32-bit systems - #28654
  • Fix null error in ActivityManager on some setups - #28420
  • Load app code before running app specific migrations - #28391
  • Prevent certificate manager to access FS too early, fixes 8.2 to 10 migration issue - #28668
  • Clustering: Better support of read only config file and apps folder - #28594 #28601
  • Only use IndexIgnore in htaccess if mod_autoindex.c is enabled/loaded - #28591
  • Fix app enable of not existing app - #28317
  • Keep redirect information when logging in with wrong password - #28511
  • Use SwiftMailer antiflood plugin to reconnect after multiple emails sent - #28180
  • Theme is now properly loaded when displaying full page error messages - #28622
  • Adjusted warning for PHP 5.5 EOL - #28765
  • Don't enable market app on upgrade from OC < 10 if "appstoreenabled" was false in config.php - #28757
  • Use different CSS comment style for IE11 support - #28752
  • Adjust default slogan - #28724
  • Catch filecache inconsistencies instead of logging warnings - #28710
  • Check for null when traversing app passwords table rows - #28894
  • Improve market upgrade messages + new switch - #28871
  • Make occ upgrade verbose by default - #28876
  • Add more information to updatechecker config doc - #28867

Database

  • All columns that use the fileid have been changed to bigint (64-bits) - #28581
  • Fix length of account search term column which broke installs on some DB setups - #28576
  • Fix column lengths on migrations table to fix index - #28254
  • Fixed some repeated duplicate key errors relate to oc_preferences table - #28486
  • Add migration step to fix birthday calendars - #28338
  • Added cache for new card uri-id mapping to fix db cluster execution - #28308

Performance

  • Optimize upload - don't fetch info of non-existing file - #28704
  • Optimize upload - don't check if file exists if already known - #28704
  • Optimize upload - do not fetch metadata for part file during checksuming - #28633
  • Optimize shares retrieval logic with complex scenarios - #28524
  • Optimize query logger - #28220
  • Remove initial scanning overhead to speed up federated shares with lots of entries - #28604
  • Improve contact search performance - #28042
  • Improved search performance for federated instance users - #28209
  • Add database index on "oc_share.share_with" column - #28856

Filesystem / storage

  • Don't trigger hooks for every new dav chunk, only for final file - #28817
  • Prevent creating file cache inconsistencies when moving a subtree in or out of a share - #28219
  • Add check for empty result in storage memcache - #28548
  • Fix error message when accessing of non-existing file on external storage - #28613
  • Fixed OAuth frontend logic when connecting to external storage - #28496 #28400
  • Fix quota handling on new Webdav endpoint (affects desktop client 2.2+) - #28261
  • Fix mounting Webdav as drive in Windows 10 - #28243
  • Fix rare error that happens when mounting invalid shares - #28342
  • Handle BSD case for 32 bit filemtime and install warning - #28790
  • Properly check target rename path in new dav endpoint - #28737
  • Increment required only when encryption is enabled - #28880

Files app

  • Make sure passed upload mtime is always an int - #28186
  • Fix directory mime type in trashbin list - #28803
  • Properly highlight files when opening private link - #28681
  • Fix overlapping selectively in default fileslist - #28906
  • Better timeout detection in web UI uploads + chunked uploads - #28896
  • Fix getting drop target when dragging from file manager - #28882
  • Improve file upload progress bar - #28861

Sharing

  • Creating link shares now doesn't forget "Allow editing" permission any more - #28065
  • Fix "notify user" checkbox in share panel - #28237
  • Proper message shown when accessing unreachable private links - #28600
  • Fix exact search term match for LDAP in share autocomplete - #28851
  • Add tooltip to public shares panel - #28781
  • Validate share link password even if unchanged when updating share - #28713
  • Fix DiscoveryManager error during upgrade by untangling federated share app dependencies - #28858

User management

  • Don't set email if invalid in user:add command - #28577
  • Group admins can now properly edit members' email addresses - #28366
  • Fixed "settings_ajax_changegroupname" typo in route name - #28746
  • Use IProvidesEMailBackend to fix syncing with LDAP backend - #28736

API related

  • Make Backbone PROPPATCH work with options.wait mode - #28791 #28837
  • Detect PROPPATCH failure by parsing multistatus in Backbone Webdav adapter - #28628
  • Error messages from the server on upload are now displayed in the web UI instead of generic messages - #28635
  • Properly set the status text in OCS API v2 calls - #28595
  • Data was not properly set in case of OCS Result object - #28198

Other

  • Only reload file list when switching navigation sections - #28843
  • Make new text file tooltip messages update properly - #28151
  • Fix trashbin preview icons - #28158
  • Allow user "0" as in comments - #28422
  • Better description for occ files:scan command - #28839
  • Better description for occ files:cleanup command - #28841
  • Reworded upgrade message for admin with big instance - #28828
  • Make lost password errors distinguishable - #28756
  • Add height to menutoggler - #28723
  • Remove apostrophe from full page file read error text - #28702
  • Added missing "fatal" log level to occ log:manage level command - #28683

10.0.2 - 2017-06-30

  • [major] Fix issue with database.xml migration being triggered twice on market app install - #27982
  • [major] Apps formerly marked as shipped can now be uninstalled - #27985
  • [major] Market now properly updates app version when using multiple apps paths - #28002

10.0.1 - 2017-06-23

  • [major] Clear cached app info before installing app - #27953
  • [major] Fix to allow admin login when using home object store mode - #27963
  • [major] Skeleton files correct copied for shibboleth - #27935
  • [major] Automatically enable market app when upgrading from OC < 10 - #27930
  • [major] Fix issue where market would run app migrations twice in some scenarios - market/#76
  • [major] Fetch search terms from user backend (ex: LDAP) for more extended user search ability - #27906
  • [major] Added support for upload-only link shares - #27548
  • [major] When enabling default encryption module the admin must now explicitly choose encryption type (master key vs user key) - #27512
  • [major] Fix missing "publicuri" field when upgrading from 9.1.5 - #27754
  • [major] Add options to the user:sync command to handle missing accounts - #27798
  • [major] Maintenance mode now properly blocks syncing on new DAV endpoint - #27821
  • [major] Copy button for multiple link share now copies the correct link - #27863
  • [major] Fix upload issues with IE11 - #27875
  • [major] Allow apps to register multiple settings panels - #27885
  • [major] Account table doesn't sync from user backends that have no listing support - #27862
  • [major] Add events for password validation - #27883
  • [major] Add JS event after external storage mount config is loaded, for UI extensions - #27740
  • [major] Fix theming of setup page by autoloading default_enable theme apps - #27819
  • [major] Allow apps to register custom settings page sections in info.xml - #27634
  • [major] Add admin sharing option to restrict autocomplete to membership groups but still allow typing full name if known - #27869
  • [minor] Market app update now doesn't overwrite local git checkouts - #27973
  • [minor] Delete "appstoreenabled" config value when enabling market - #27956
  • [minor] Do not verify email address when entered by an admin on their personal page - #27921
  • [minor] Fix default share permission issue in public API #27927
  • [minor] Properly rethrow exception when error occurred when enabling an app - #27970
  • [minor] Remove own shares from "Shared with you" section - #27972
  • [minor] Fix updating to daily from 10.0.0 with web updater - updater/#422
  • [minor] Fix updating to 10.0.1 with web updater - #27965
  • [minor] Removed unused and non-working auto-login after setup - #27971
  • [minor] Fix SMB storage to return false if stat failed - #27859
  • [minor] Update swiftmailer - #27897
  • [minor] Escape filter in search - #27900
  • [minor] Fix file name output in error pages - #27808
  • [minor] Support for alternative login buttons through config.php - #27607
  • [minor] Example theme app renamed to "theme-example" by convention - #27632
  • [minor] Fix missing translation of built-in section names - #27645
  • [minor] Add ability to disable password reset form in config - #27676
  • [minor] Add support for themed radio buttons - #27681
  • [minor] Fix customjs extension handling for external storage apps - #27683
  • [minor] Fix upgrade error with mod_fcgid and PHP 7 - #27553
  • [minor] Remove sharing subtab when link sharing is disallowed - #27708
  • [minor] Add privacy warning in link shares panel - #27844
  • [minor] Fix files app name in navigation menu - #27843
  • [minor] Fix mimetype table code to ignore folder extensions - #27668
  • [minor] Automatically focus the password field in password reset page - #27889
  • [minor] Trashbin restore warnings due to missing entries now logged as debug - #27826
  • [minor] Remove obsolete repair step RemoveOldShares - #27737
  • [minor] "local link" was renamed to "private link" - #27594
  • [minor] Fix column sorting in public file list page - #27308

10.0.0 - 2017-04-26

Added

General

  • Allows users to add the app to the Android homescreen: #25438
  • Compatible with PHP 7.1: #25436
  • MySQL 4-byte UTF8 support: (utf8mb4 for e.g. Emoticons) #17978
  • Admin, personal pages and app management are now merged together into a single "Settings" entry: #26449
  • Admin page displays the output of the server's status.php: #27238
  • Also allow using email address for password recovery: #27168
  • Ability to disable password reset: #27440
  • Support Redis Cluster: #26407
  • ownCloud log entry reorder: #27562
  • ownCloud log file rules to split into separate files: #27443
  • occ scanner optimized memory usage for large scans by using autocommits: owncloud/core/27527
  • Third party apps are not disabled anymore when upgrading

Filesystem

  • Ability to exclude folders from being processed, like snapshot folders: #19235
  • Checksum is computed on the fly and verified (File integrity checking): #26655 / Technical Documentation

Files App

  • Share Link can be copied to the clipboard #25418
  • Display version sizes in versions panel #26511
  • Transfer ownership now works for individual folders #27343
  • Favorite star indicator now visible in the file lists related to sharing (ex: "Shared with you") #19753

User management

  • Ability to disable users in the users page (enable column first under cog icon) #27333
  • When changing personal email, an email confirmation is now sent #7326
  • When password is changed through any means, the user will now receive an email #27498
  • Change user preferences through OCC #24770

External storage

Dav App

  • CalDAV calendar public sharing #25351

Sharing

  • Support for multiple link shares: #27337
  • When a recipient moves a file or folder out of a received share, the owner now receives a backup in their trashbin: #27042
  • User avatars now visible in sharing autocomplete dropdown: #25976

For developers

  • Users from all user backends are now stored in a central account table, improves performance by reducing recurring backend traffic: #23558
  • Added event whenever a user is enabled or disabled: #23970
  • Added first login event: #26206
  • Added postLogout hook: #27048
  • New column in oc_jobs table to store last duration: #27144
  • Ability to specify offset and limit when doing a REPORT query on a files endpoint: #26507
  • Avatar API via WebDAV https://github.com/owncloud/core/pull/26872
  • Improve return value support for two factor auth providers API - #26593
  • Apps can now register Sabre plugins in info.xml: #26195
  • REPORT method for files endpoint now allows searching for favorites: #26099
  • Group backends can now return group display names (partial support, only used by sharing autocomplete): #26750

Changed

  • status.php now returns whether an instance requires a DB update: #26209
  • config option to hide server version in status.php #27473
  • provisioning API now also returns the user's home path: #26850
  • web updater shows link to changelog in admin page: #26796

Changelog for ownCloud 9

Changelog for ownCloud 8

Changelog for ownCloud 7