Changelog for ownCloud Core 10.16.3 (2026-05-22)

The following sections list the changes in ownCloud core 10.16.3 relevant to ownCloud admins and users.

Summary

- Security - Update phpseclib to 3.0.52 for CVE-2026-40194: #41529
- Security - Restrict AppConfigController read methods to full admins only: #41550
- Security - Update symfony/routing to 5.4.52 for CVE-2026-45065: #41559
- Bugfix - Prevent mounting local storage if not allowed: #41538
- Bugfix - Use the correct user ID when changing email via admin API: #41539
- Bugfix - Prevent IDOR in WebDAV comments API: #41558

Details

Security - Update phpseclib to 3.0.52 for CVE-2026-40194: #41529

CVE-2026-40194: Timing attack vulnerability in SSH binary packet processing. Upgraded phpseclib/phpseclib from 3.0.50 to 3.0.52.

https://github.com/owncloud/core/pull/41529
https://github.com/owncloud/core/pull/41541
https://github.com/phpseclib/phpseclib/releases/tag/3.0.51

Security - Restrict AppConfigController read methods to full admins only: #41550

Subadmin users could read all oc_appconfig values, including SMTP passwords, LDAP bind credentials, and encryption master keys, via the Settings API. Removed @NoAdminRequired from getApps, getKeys, and getValue so that the AdminMiddleware enforces full-admin-only access, consistent with the write methods.

https://github.com/owncloud/core/pull/41550

Security - Update symfony/routing to 5.4.52 for CVE-2026-45065: #41559

CVE-2026-45065: UrlGenerator route-requirement bypass via unanchored regex alternation allowing off-site URL injection. Upgraded symfony/routing from 5.4.48 to 5.4.52.

https://github.com/owncloud/core/pull/41559
https://symfony.com/cve-2026-45065

Bugfix - Prevent mounting local storage if not allowed: #41538

Mounting a local storage was possible if the internal class name was used as the backend, even though local storage was not allowed to be mounted. This problem is fixed, and local storage can't be mounted if it was explicitly disallowed in the configuration.

https://github.com/owncloud/core/pull/41538

Bugfix - Use the correct user ID when changing email via admin API: #41539

The admin API endpoint for changing a user's email address was incorrectly using the requesting admin's user ID instead of the target user's ID, causing the admin's email to be updated rather than the intended user's.

https://github.com/owncloud/core/pull/41539

Bugfix - Prevent IDOR in WebDAV comments API: #41558

Authenticated users could read, edit, or delete comments on files they have no access to by supplying an arbitrary comment ID in the WebDAV comments endpoint. The fix verifies that a requested comment belongs to the file in the URL before returning it.

https://github.com/owncloud/core/pull/41558

Changelog for ownCloud Core 10.16.1 (2026-02-18)

The following sections list the changes in ownCloud core 10.16.1 relevant to ownCloud admins and users.

Summary

- Bugfix - Apply SVG sanitization to all file content before using ImageMagick: #41433
- Bugfix - Disallow empty tokens when pairing trusted servers: #41434
- Change - Update PHP dependencies: #41408
- Enhancement - Add mimetype aliases/mapping for .toml and .ovpn: #41431

Details

Bugfix - Apply SVG sanitization to all file content before using ImageMagick: #41433

Any file content is now sanitized for SVG threats before being processed by ImageMagick, preventing potential security vulnerabilities.

https://github.com/owncloud/core/pull/41433

Bugfix - Disallow empty tokens when pairing trusted servers: #41434

An empty token could be used to pair trusted servers, which is not secure.

https://github.com/owncloud/core/pull/41434

Change - Update PHP dependencies: #41408

The following have been updated:

- monolog/monolog (2.10.0 to 2.11.0)
- pear/pear-core-minimal (v1.10.16 to v1.10.18)
- phpseclib/phpseclib (3.0.47 to 3.0.48)
- phpseclib/phpseclib (3.0.46 to 3.0.49)
- pimple/pimple (3.5.0 to 3.6.0)
- sabre/http (5.1.12 to 5.1.13)
- sabre/vobject (4.5.7 to 4.5.8)
- symfony/process (5.4.47 to 5.4.51)
- theseer/tokenizer (1.2.3 to 1.3.1)

https://github.com/owncloud/core/pull/41408
https://github.com/owncloud/core/pull/41421
https://github.com/owncloud/core/pull/41446

Enhancement - Add mimetype aliases/mapping for .toml and .ovpn: #41431

Mimetype aliases and mappings for .toml and .ovpn files were added.

https://github.com/owncloud/core/pull/41431
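
The WebDAV comments fix listed under 10.16.3 (#41558) comes down to binding the requested comment ID to the file named in the URL. The sketch below is an added illustration, not ownCloud's code: the class, method names and sample data are hypothetical, and it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

final class CommentNotFound extends RuntimeException {}

// Hypothetical in-memory stand-in for a comments endpoint.
final class CommentEndpoint
{
    /**
     * @param array<int,array{fileId:int,message:string}> $comments comment ID => record
     * @param array<string,int[]> $access user => IDs of files that user may read
     */
    public function __construct(private array $comments, private array $access) {}

    // Pattern the changelog entry describes: the file in the URL is
    // access-checked, but the comment is then loaded by ID alone.
    public function getUnchecked(string $user, int $urlFileId, int $commentId): array
    {
        $this->requireFileAccess($user, $urlFileId);
        return $this->comments[$commentId] ?? throw new CommentNotFound();
    }

    // Hardened: the comment must also belong to the file named in the URL.
    public function get(string $user, int $urlFileId, int $commentId): array
    {
        $this->requireFileAccess($user, $urlFileId);
        $comment = $this->comments[$commentId] ?? null;
        // Same error for "missing" and "attached to another file",
        // so the response does not reveal which comment IDs exist.
        if ($comment === null || $comment['fileId'] !== $urlFileId) {
            throw new CommentNotFound();
        }
        return $comment;
    }

    private function requireFileAccess(string $user, int $fileId): void
    {
        if (!in_array($fileId, $this->access[$user] ?? [], true)) {
            throw new CommentNotFound();
        }
    }
}

// Constructed sample data: alice may read file 7 only; comment 102 sits on file 9.
$api = new CommentEndpoint(
    [101 => ['fileId' => 7, 'message' => 'draft'], 102 => ['fileId' => 9, 'message' => 'salary review']],
    ['alice' => [7], 'bob' => [9]]
);
```

Calling `$api->getUnchecked('alice', 7, 102)` returns the record attached to file 9, while `$api->get('alice', 7, 102)` throws `CommentNotFound`.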