[10.15.0]: https://github.com/owncloud/core/compare/v10.14.0...v10.15.0 ## Summary * Bugfix - Fail fast on unresponsive remote servers: [#41210](https://github.com/owncloud/core/pull/41210) * Bugfix - Link in public link notification has to be from a trusted domain: [#41214](https://github.com/owncloud/core/pull/41214) * Bugfix - User can only change their own external storage configuration: [#41225](https://github.com/owncloud/core/pull/41225) * Bugfix - Hardening SVG processing: [#41234](https://github.com/owncloud/core/pull/41234) * Bugfix - Handle no longer existing user in preview cleanup: [#41247](https://github.com/owncloud/core/pull/41247) * Bugfix - Disallow HTTP API requests for user external storages in case disabled: [#41250](https://github.com/owncloud/core/pull/41250) * Bugfix - Handle short classes in Autoloader: [#41252](https://github.com/owncloud/core/pull/41252) * Bugfix - No update check if not connected to the internet: [#41262](https://github.com/owncloud/core/pull/41262) * Bugfix - Default value of preview_max_dimensions is now 6016x6016: [#41263](https://github.com/owncloud/core/pull/41263) * Bugfix - AllConfig::getUserKeys to return string[] only: [#41270](https://github.com/owncloud/core/pull/41270) * Bugfix - Wrong Logic When 'allow_user_mounting' is Initially Undefined: [#41272](https://github.com/owncloud/core/pull/41272) * Change - Update PHP dependencies: [#41195](https://github.com/owncloud/core/pull/41195) ## Details * Bugfix - Fail fast on unresponsive remote servers: [#41210](https://github.com/owncloud/core/pull/41210) In case a remote/federated server is not responding the share will not be added and any requests will fail faster. https://github.com/owncloud/core/pull/41210 * Bugfix - Link in public link notification has to be from a trusted domain: [#41214](https://github.com/owncloud/core/pull/41214) https://github.com/owncloud/core/pull/41214 * Bugfix - User can only change their own external storage configuration: [#41225](https://github.com/owncloud/core/pull/41225) https://github.com/owncloud/core/pull/41225 * Bugfix - Hardening SVG processing: [#41234](https://github.com/owncloud/core/pull/41234) Purify SVGs before processing. https://github.com/owncloud/core/pull/41234 * Bugfix - Handle no longer existing user in preview cleanup: [#41247](https://github.com/owncloud/core/pull/41247) A no longer existing user no longer causes an exception in the preview cleanup job. https://github.com/owncloud/core/pull/41247 * Bugfix - Disallow HTTP API requests for user external storages in case disabled: [#41250](https://github.com/owncloud/core/pull/41250) API requests for a user's external storages now correctly fail when user mounted storages are disabled. https://github.com/owncloud/core/pull/41250 * Bugfix - Handle short classes in Autoloader: [#41252](https://github.com/owncloud/core/pull/41252) The Autoloader findClass method was emitting a PHP notice "undefined offset" for class strings at the top OCA level. The code has been corrected so that the PHP notice is not emitted. https://github.com/owncloud/core/pull/41252 https://github.com/owncloud/core/pull/41253 * Bugfix - No update check if not connected to the internet: [#41262](https://github.com/owncloud/core/pull/41262) In case an owncloud instance is not connected to the internet there is no need in polling for updates in the update notification app. https://github.com/owncloud/core/pull/41262 * Bugfix - Default value of preview_max_dimensions is now 6016x6016: [#41263](https://github.com/owncloud/core/pull/41263) This allows processing of 4K portrait images by default. https://github.com/owncloud/core/pull/41263 * Bugfix - AllConfig::getUserKeys to return string[] only: [#41270](https://github.com/owncloud/core/pull/41270) The array returned by getUserKeys() is now always an array of strings. https://github.com/owncloud/core/pull/41270 * Bugfix - Wrong Logic When 'allow_user_mounting' is Initially Undefined: [#41272](https://github.com/owncloud/core/pull/41272) On a freshly installed system, the checkbox '[ ] Allow users to mount external storage' is not set, implying 'no'. The code handled this as 'yes' until the admin once selected and unselected the checkbox. https://github.com/owncloud/core/pull/41272 https://github.com/owncloud/core/pull/41273 * Change - Update PHP dependencies: [#41195](https://github.com/owncloud/core/pull/41195) The following have been updated: - deepdiver/zipstreamer (2.0.2 to 2.0.3) - google/apiclient (v2.15.3 to v2.16.0) - google/apiclient-services (v0.335.0 to v0.355.0) - google/auth (v1.35.0 to v1.37.1) - monolog/monolog (2.9.2 to 2.9.3) - paragonie/constant_time_encoding (v2.6.3 to v2.7.0) - pear/archive_tar (1.4.14 to 1.15.0) - pear/pear-core-minimal (v1.10.14 to v1.10.15) - phpseclib/phpseclib (3.0.35 to 3.0.39) - psr/http-factory (1.0.2 to 1.1.0) - sabre/xml (2.2.6 to 2.2.7) - symfony/event-dispatcher-contracts (v2.5.2 to v2.5.3) - symfony/service-contracts (v2.5.2 to v2.5.3) - symfony/translation-contracts (v2.5.2 to v2.5.3) - symfony/console (v5.4.35 to v5.4.40) - symfony/event-dispatcher (v5.4.35 to v5.4.40) - symfony/process (v5.4.35 to v5.4.40) - symfony/routing (v5.4.35 to v5.4.40) - symfony/string (v5.4.35 to v5.4.40) - symfony/translation (v5.4.35 to v5.4.40) https://github.com/owncloud/core/pull/41195 https://github.com/owncloud/core/pull/41203 https://github.com/owncloud/core/pull/41205 https://github.com/owncloud/core/pull/41212 https://github.com/owncloud/core/pull/41222 https://github.com/owncloud/core/pull/41230 https://github.com/owncloud/core/pull/41242 https://github.com/owncloud/core/pull/41255 https://github.com/owncloud/core/pull/41259 https://github.com/owncloud/core/pull/41267 https://github.com/owncloud/core/pull/41276 [10.14.0]: https://github.com/owncloud/core/compare/v10.13.4...v10.14.0 ## Summary * Bugfix - Validate comment verb length: [#40965](https://github.com/owncloud/core/pull/40965) * Bugfix - Log.conditions with `shared_secret` shall not break file uploads: [#41044](https://github.com/owncloud/core/pull/41044) * Bugfix - Create previews from first page: [#41045](https://github.com/owncloud/core/pull/41045) * Bugfix - CalDAV query where the time range is not given: [#41050](https://github.com/owncloud/core/pull/41050) * Bugfix - Store user information in explicit variable: [#41054](https://github.com/owncloud/core/pull/41054) * Bugfix - Fix expiration date and eliminate duplicate entries in file list: [#41056](https://github.com/owncloud/core/pull/41056) * Bugfix - LDAP groups will be properly applied to external storages: [#41063](https://github.com/owncloud/core/pull/41063) * Bugfix - Disallow browsers to translate the frontend: [#41067](https://github.com/owncloud/core/pull/41067) * Bugfix - Limit performance impact when version meta data is enabled: [#41069](https://github.com/owncloud/core/pull/41069) * Bugfix - Proper error handling when deleting users or groups: [#41077](https://github.com/owncloud/core/pull/41077) * Bugfix - Account terms can be removed if they differ with the ones stored: [#41120](https://github.com/owncloud/core/pull/41120) * Bugfix - "user:list -a" occ command now correctly displays user's creation time: [#41125](https://github.com/owncloud/core/pull/41125) * Bugfix - Fix log exceptions for mp3 preview: [#41153](https://github.com/owncloud/core/pull/41153) * Bugfix - Set oc_file_locks.id to bigint: [#41158](https://github.com/owncloud/core/pull/41158) * Bugfix - Add compatibility to richdocuments.document.index route: [#41161](https://github.com/owncloud/core/pull/41161) * Bugfix - Sanitize title in dialogs: [#41166](https://github.com/owncloud/core/pull/41166) * Bugfix - Decommission of templateeditor app: [#41168](https://github.com/owncloud/core/pull/41168) * Bugfix - Input validation when setting the displayname of a user or self: [#41172](https://github.com/owncloud/core/pull/41172) * Bugfix - Image dimension validation on avatar upload and preview generation: [#41175](https://github.com/owncloud/core/pull/41175) * Change - No activities on rejected shares: [#41078](https://github.com/owncloud/core/pull/41078) * Change - Update PHP dependencies: [#41033](https://github.com/owncloud/core/pull/41033) * Enhancement - Replace the isAdmin implementation: [#41171](https://github.com/owncloud/core/pull/41171) ## Details * Bugfix - Validate comment verb length: [#40965](https://github.com/owncloud/core/pull/40965) User input validation of comment verb https://github.com/owncloud/core/pull/40965 * Bugfix - Log.conditions with `shared_secret` shall not break file uploads: [#41044](https://github.com/owncloud/core/pull/41044) Any file upload (or PUT request in general) could cause a 500/Internal Server Error due to wrong usage of the request object. This is now fixed. https://github.com/owncloud/core/pull/41044 * Bugfix - Create previews from first page: [#41045](https://github.com/owncloud/core/pull/41045) On multi-page documents (doc, odt, pdf etc) the preview will now be generated from the first page and no longer from the last page. https://github.com/owncloud/core/pull/41045 * Bugfix - CalDAV query where the time range is not given: [#41050](https://github.com/owncloud/core/pull/41050) Outlook CalDAV plugin is sending `false` as time range which no longer results in a crash. https://github.com/owncloud/core/issues/39922 https://github.com/owncloud/core/pull/41050 * Bugfix - Store user information in explicit variable: [#41054](https://github.com/owncloud/core/pull/41054) Before user information was stored in the browser global object. In some rare cases browsers seem to loose data stored in the global object. This is fixed now. https://github.com/owncloud/enterprise/issues/5873 https://github.com/owncloud/core/pull/41054 * Bugfix - Fix expiration date and eliminate duplicate entries in file list: [#41056](https://github.com/owncloud/core/pull/41056) We've addressed two visual issues in the web ui file list. Firstly, the problem where the start of the epoch was mistakenly displayed as an expiration date in the shared file list has been resolved. Secondly, we've tackled the pesky bug causing duplicate entries to appear when switching between shared tabs and clicking on a file list entry. https://github.com/owncloud/core/pull/41056 * Bugfix - LDAP groups will be properly applied to external storages: [#41063](https://github.com/owncloud/core/pull/41063) The admin can setup external storages to be used by specific users and groups. When a LDAP group was setup, there were some issues so users belonging to that group weren't able to access the external storage even though they should. Now, users belonging to LDAP groups can access external storages configured to be accessed by those groups. https://github.com/owncloud/core/pull/41063 * Bugfix - Disallow browsers to translate the frontend: [#41067](https://github.com/owncloud/core/pull/41067) Web frontend offers a lot of proper translations. Browser capabilities are not needed. https://github.com/owncloud/core/issues/39946 https://github.com/owncloud/core/pull/41067 * Bugfix - Limit performance impact when version meta data is enabled: [#41069](https://github.com/owncloud/core/pull/41069) Negative performance impact when `file_storage.save_version_metadata` is enabled has been removed. https://github.com/owncloud/core/pull/41069 * Bugfix - Proper error handling when deleting users or groups: [#41077](https://github.com/owncloud/core/pull/41077) https://github.com/owncloud/core/pull/41077 https://github.com/owncloud/core/pull/41075 * Bugfix - Account terms can be removed if they differ with the ones stored: [#41120](https://github.com/owncloud/core/pull/41120) Search terms for the account can now be removed from the DB if they differ with the ones stored in the DB. This can happen with the user_ldap app, when user search attributes are removed from the connection configuration in the LDAP wizard. https://github.com/owncloud/core/pull/41120 * Bugfix - "user:list -a" occ command now correctly displays user's creation time: [#41125](https://github.com/owncloud/core/pull/41125) Previously, the "user:list -a" occ command was not correctly returning the user's creation time but rather the path to the user's home directory. This has been now fixed. https://github.com/owncloud/core/pull/41125 * Bugfix - Fix log exceptions for mp3 preview: [#41153](https://github.com/owncloud/core/pull/41153) This change fixes log exceptions when previews for mp3 files are being created https://github.com/owncloud/core/pull/41153 * Bugfix - Set oc_file_locks.id to bigint: [#41158](https://github.com/owncloud/core/pull/41158) https://github.com/owncloud/core/pull/41158 * Bugfix - Add compatibility to richdocuments.document.index route: [#41161](https://github.com/owncloud/core/pull/41161) https://github.com/owncloud/core/pull/41161 * Bugfix - Sanitize title in dialogs: [#41166](https://github.com/owncloud/core/pull/41166) https://github.com/owncloud/core/pull/41166 * Bugfix - Decommission of templateeditor app: [#41168](https://github.com/owncloud/core/pull/41168) https://github.com/owncloud/core/pull/41168 * Bugfix - Input validation when setting the displayname of a user or self: [#41172](https://github.com/owncloud/core/pull/41172) https://github.com/owncloud/core/pull/41172 * Bugfix - Image dimension validation on avatar upload and preview generation: [#41175](https://github.com/owncloud/core/pull/41175) https://github.com/owncloud/core/pull/41175 https://github.com/owncloud/core/pull/41193 * Change - No activities on rejected shares: [#41078](https://github.com/owncloud/core/pull/41078) As soon as a user has rejected a share no activities within this share are reported via the activity app. https://github.com/owncloud/core/pull/41078 * Change - Update PHP dependencies: [#41033](https://github.com/owncloud/core/pull/41033) The following have been updated: - deepdiver/zipstreamer (2.0.0 to v2.0.2) - doctrine/deprecations (1.1.2 to 1.1.3) - doctrine/lexer (2.1.0 to 2.1.1) - firebase/php-jwt (6.8.1 to 6.10.0) - google/apiclient (v2.15.1 to v2.15.3) - google/apiclient-services (v0.319.0 to v0.335.0) - google/auth (v1.31.0 to v1.35.0) - guzzlehttp/guzzle (7.8.0 to 7.8.1) - laravel/serializable-closure (v1.3.1 to v1.3.3) - league/mime-type-detection (1.13.0 to 1.15.0) - monolog/monolog (2.9.1 to 2.9.2) - phpseclib/phpseclib (3.0.33 to 3.0.35) - sabre/dav (4.4.0 to 4.6.0) - sabre/vobject (4.5.3 to 4.5.4) - symfony/console (5.4.28 to 5.4.35) - symfony/event-dispatcher (5.4.26 to 5.4.35) - symfony/polyfill-php80 (v1.28.0 to v1.29.0) - symfony/process (5.4.28 to 5.4.35) - symfony/routing (5.4.26 to 5.4.35) - symfony/string (5.4.29 to 5.4.35) - symfony/translation (5.4.24 to 5.4.35) https://github.com/owncloud/core/pull/41033 https://github.com/owncloud/core/pull/41071 https://github.com/owncloud/core/pull/41081 https://github.com/owncloud/core/pull/41097 https://github.com/owncloud/core/pull/41101 https://github.com/owncloud/core/pull/41102 https://github.com/owncloud/core/pull/41121 https://github.com/owncloud/core/pull/41126 https://github.com/owncloud/core/pull/41130 https://github.com/owncloud/core/pull/41132 https://github.com/owncloud/core/pull/41133 https://github.com/owncloud/core/pull/41139 https://github.com/owncloud/core/pull/41151 https://github.com/owncloud/core/pull/41152 https://github.com/owncloud/core/pull/41155 https://github.com/owncloud/core/pull/41173 https://github.com/owncloud/core/pull/41182 * Enhancement - Replace the isAdmin implementation: [#41171](https://github.com/owncloud/core/pull/41171) Instead of asking the backends for the groups an user belongs to, we now get the admin group and list the members to detect if user is admin or not https://github.com/owncloud/core/pull/41171