[owncloud-devel] [Request] Blog with security updates that impact Apps

Ben Curtis owncloud at nosolutions.com
Thu Jul 9 20:49:00 GMT 2015

On 7/9/15 10:01 AM, Lukas Reschke wrote:
>> On 09 Jul 2015, at 15:37, Ben Curtis <owncloud at nosolutions.com> wrote:
>> the former of which will require an almost entire rewrite
> That's not quite the fact. You can allow data: resources with custom CSP policies. See https://github.com/owncloud/core/pull/13989

Yea, I ended up figuring that out after I had started rewriting an 
entire backend to store images (a few hours after sending this email). A 
lucky search online brought up a GitHub page with the code change on it, 
so I hunted for the pull request that had documentation with it. Thanks 
for the followup, though.

In any event, there are quite a few users of my app, and I try to keep 
them happy, but with me being an N of 1 and this not being full time, 
it's tough to watch the beta changelogs and sift through for things that 
could impact me.

A good example is this: https://github.com/hypery2k/owncloud/issues/344

A change in 8.1 broke the Roundcube plugin, used by thousands, in such a 
way that login/logout actually breaks on the entire server. On top of 
that, because of the user issue, 3rd party apps couldn't access the API. 
So in a minor version change (8.0.5 to 8.1), things changed that created 
a big list of GitHub entries across (potentially) many apps. It took me 
quite a while to identify that the problem wasn't in my app (basically, 
enough users reporting it that were also running RoundCube). Hypery2k is 
back on the fence about continuing his dev after this one, which would 
be unfortunate.

Some form of alert system, perhaps a trackable page on GitHub, that 
warns us in advance without having to track the entire progress of 
ownCloud would be extremely handy.

