ownCloud 4 update improves security
The ownCloud Team has released an update to its open source cloud synchronisation software fixing a number of bugs and closing security holes. According to its developers, version 4.0.3 of ownCloud implements new cross-site request forgery (CSRF) security checks, while also addressing "several" cross-site scripting (XSS) vulnerabilities; specific details for these, however, are not provided.
The update improves WebDAV and Desktop Syncing performance, and corrects a potential data corruption bug in the encryption app. A check to see if the .htaccess file is working and if the data directory is protected has been added, as has a check on whether users are allowed to edit bookmarks. Other changes include better LDAP integration and group management, and fixes for Contacts, quota calculation, user account migration and the PDF viewer.
A full list of changes and fixes can be found in the change log. Version 4.0.3 of ownCloud is available to download from the project's site and is licensed under the AGPLv3. All 4.x users are advised to upgrade.
- ownCloud 4 adds version management, a report from The H.