Your IP : 3.12.36.188
[10.15.2] (2025-03-11)
The following sections list the changes in ownCloud core 10.15.2 relevant to
ownCloud admins and users.
[10.15.2]: https://github.com/owncloud/core/compare/v10.15.1...v10.15.2
## Summary
* Security - Disable phar stream wrapper: [#41358](https://github.com/owncloud/core/pull/41358)
## Details
* Security - Disable phar stream wrapper: [#41358](https://github.com/owncloud/core/pull/41358)
https://github.com/owncloud/core/pull/41358
[10.15.1] (2025-03-03)
The following sections list the changes in ownCloud core 10.15.1 relevant to
ownCloud admins and users.
[10.15.1]: https://github.com/owncloud/core/compare/v10.15.0...v10.15.1
## Summary
* Bugfix - Prevent access to internal app config data: [#41338](https://github.com/owncloud/core/pull/41338)
## Details
* Bugfix - Prevent access to internal app config data: [#41338](https://github.com/owncloud/core/pull/41338)
Prevent access to app config where the key is prefixed with remote_ and public_ via the http api
as these are internal configuration settings which are not to be exposed via the network.
https://github.com/owncloud/core/pull/41338
[10.15.0]: https://github.com/owncloud/core/compare/v10.14.0...v10.15.0
## Summary
* Bugfix - Fail fast on unresponsive remote servers: [#41210](https://github.com/owncloud/core/pull/41210)
* Bugfix - Link in public link notification has to be from a trusted domain: [#41214](https://github.com/owncloud/core/pull/41214)
* Bugfix - User can only change their own external storage configuration: [#41225](https://github.com/owncloud/core/pull/41225)
* Bugfix - Hardening SVG processing: [#41234](https://github.com/owncloud/core/pull/41234)
* Bugfix - Handle no longer existing user in preview cleanup: [#41247](https://github.com/owncloud/core/pull/41247)
* Bugfix - Disallow HTTP API requests for user external storages in case disabled: [#41250](https://github.com/owncloud/core/pull/41250)
* Bugfix - Handle short classes in Autoloader: [#41252](https://github.com/owncloud/core/pull/41252)
* Bugfix - No update check if not connected to the internet: [#41262](https://github.com/owncloud/core/pull/41262)
* Bugfix - Default value of preview_max_dimensions is now 6016x6016: [#41263](https://github.com/owncloud/core/pull/41263)
* Bugfix - AllConfig::getUserKeys to return string[] only: [#41270](https://github.com/owncloud/core/pull/41270)
* Bugfix - Wrong Logic When 'allow_user_mounting' is Initially Undefined: [#41272](https://github.com/owncloud/core/pull/41272)
* Change - Update PHP dependencies: [#41195](https://github.com/owncloud/core/pull/41195)
## Details
* Bugfix - Fail fast on unresponsive remote servers: [#41210](https://github.com/owncloud/core/pull/41210)
In case a remote/federated server is not responding the share will not be added and any requests
will fail faster.
https://github.com/owncloud/core/pull/41210
* Bugfix - Link in public link notification has to be from a trusted domain: [#41214](https://github.com/owncloud/core/pull/41214)
https://github.com/owncloud/core/pull/41214
* Bugfix - User can only change their own external storage configuration: [#41225](https://github.com/owncloud/core/pull/41225)
https://github.com/owncloud/core/pull/41225
* Bugfix - Hardening SVG processing: [#41234](https://github.com/owncloud/core/pull/41234)
Purify SVGs before processing.
https://github.com/owncloud/core/pull/41234
* Bugfix - Handle no longer existing user in preview cleanup: [#41247](https://github.com/owncloud/core/pull/41247)
A no longer existing user no longer causes an exception in the preview cleanup job.
https://github.com/owncloud/core/pull/41247
* Bugfix - Disallow HTTP API requests for user external storages in case disabled: [#41250](https://github.com/owncloud/core/pull/41250)
API requests for a user's external storages now correctly fail when user mounted storages are
disabled.
https://github.com/owncloud/core/pull/41250
* Bugfix - Handle short classes in Autoloader: [#41252](https://github.com/owncloud/core/pull/41252)
The Autoloader findClass method was emitting a PHP notice "undefined offset" for class
strings at the top OCA level. The code has been corrected so that the PHP notice is not emitted.
https://github.com/owncloud/core/pull/41252
https://github.com/owncloud/core/pull/41253
* Bugfix - No update check if not connected to the internet: [#41262](https://github.com/owncloud/core/pull/41262)
In case an owncloud instance is not connected to the internet there is no need in polling for
updates in the update notification app.
https://github.com/owncloud/core/pull/41262
* Bugfix - Default value of preview_max_dimensions is now 6016x6016: [#41263](https://github.com/owncloud/core/pull/41263)
This allows processing of 4K portrait images by default.
https://github.com/owncloud/core/pull/41263
* Bugfix - AllConfig::getUserKeys to return string[] only: [#41270](https://github.com/owncloud/core/pull/41270)
The array returned by getUserKeys() is now always an array of strings.
https://github.com/owncloud/core/pull/41270
* Bugfix - Wrong Logic When 'allow_user_mounting' is Initially Undefined: [#41272](https://github.com/owncloud/core/pull/41272)
On a freshly installed system, the checkbox '[ ] Allow users to mount external storage' is not
set, implying 'no'. The code handled this as 'yes' until the admin once selected and unselected
the checkbox.
https://github.com/owncloud/core/pull/41272
https://github.com/owncloud/core/pull/41273
* Change - Update PHP dependencies: [#41195](https://github.com/owncloud/core/pull/41195)
The following have been updated: - deepdiver/zipstreamer (2.0.2 to 2.0.3) -
google/apiclient (v2.15.3 to v2.16.0) - google/apiclient-services (v0.335.0 to v0.355.0)
- google/auth (v1.35.0 to v1.37.1) - monolog/monolog (2.9.2 to 2.9.3) -
paragonie/constant_time_encoding (v2.6.3 to v2.7.0) - pear/archive_tar (1.4.14 to
1.15.0) - pear/pear-core-minimal (v1.10.14 to v1.10.15) - phpseclib/phpseclib (3.0.35 to
3.0.39) - psr/http-factory (1.0.2 to 1.1.0) - sabre/xml (2.2.6 to 2.2.7) -
symfony/event-dispatcher-contracts (v2.5.2 to v2.5.3) - symfony/service-contracts
(v2.5.2 to v2.5.3) - symfony/translation-contracts (v2.5.2 to v2.5.3) - symfony/console
(v5.4.35 to v5.4.40) - symfony/event-dispatcher (v5.4.35 to v5.4.40) - symfony/process
(v5.4.35 to v5.4.40) - symfony/routing (v5.4.35 to v5.4.40) - symfony/string (v5.4.35 to
v5.4.40) - symfony/translation (v5.4.35 to v5.4.40)
https://github.com/owncloud/core/pull/41195
https://github.com/owncloud/core/pull/41203
https://github.com/owncloud/core/pull/41205
https://github.com/owncloud/core/pull/41212
https://github.com/owncloud/core/pull/41222
https://github.com/owncloud/core/pull/41230
https://github.com/owncloud/core/pull/41242
https://github.com/owncloud/core/pull/41255
https://github.com/owncloud/core/pull/41259
https://github.com/owncloud/core/pull/41267
https://github.com/owncloud/core/pull/41276