In association with heise online

26 June 2012, 11:00

ownCloud 4 update improves security

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

ownCloud logo The ownCloud Team has released an update to its open source cloud synchronisation software fixing a number of bugs and closing security holes. According to its developers, version 4.0.3 of ownCloud implements new cross-site request forgery (CSRF) security checks, while also addressing "several" cross-site scripting (XSS) vulnerabilities; specific details for these, however, are not provided.

The update improves WebDAV and Desktop Syncing performance, and corrects a potential data corruption bug in the encryption app. A check to see if the .htaccess file is working and if the data directory is protected has been added, as has a check on whether users are allowed to edit bookmarks. Other changes include better LDAP integration and group management, and fixes for Contacts, quota calculation, user account migration and the PDF viewer.

A full list of changes and fixes can be found in the change log. Version 4.0.3 of ownCloud is available to download from the project's site and is licensed under the AGPLv3. All 4.x users are advised to upgrade.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit