Nextcloud 29.0.6 is out
-
Interesting: 29.0.5 is not listed here (anymore): https://nextcloud.com/changelog/
but here: https://github.com/nextcloud/server/releases/tag/v29.0.5 -
They recognized the error (probably the one @girish mentioned above) and will got straight to 29.0.6 (and 30….): https://help.nextcloud.com/t/rc1-of-29-0-6-available/202059
-
29.06 seems to be released now: https://nextcloud.com/changelog/
-
29.0.6 is (now) also a security update:
As per https://adv-archiv.dfn-cert.de/adv/2024-2304/:2024-2304: Nextcloud Server: A vulnerability allows spying on information
History: Version 1 (2024-09-04 18:17)Description:
An attacker can remotely exploit a vulnerability to circumvent security measures.
No privileges are required for the exploitation of the vulnerability.
The manufacturer confirms the vulnerability and has released Nextcloud Server 29.0.6 as a security update.For Fedora 39 and 40, security updates in the form of 'nextcloud-29.0.6-2' packages are available and for Fedora EPEL 9 the package 'nextcloud-29.0.6-1.el9' in the 'testing' status to fix the vulnerability.
Vulnerabilities:
CVE-2024-39338
Vulnerability in Axios enables server-side request-forgery (SSRF) attack -
We managed to mitigate this issue by ensuring cron.sh was run at least once on first start. It is unclear how it is connected to the ldap login, but it solved it. Further it mitigates a warning in the first 5min in the admin section that the cronjob was last run years ago
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
-
Fantastic! (btw it seems that 29.0.7 is around the corner...
)
