[owncloud-devel] [Request] Blog with security updates that impact Apps
owncloud at nosolutions.com
Thu Jul 9 20:49:00 GMT 2015
On 7/9/15 10:01 AM, Lukas Reschke wrote:
>> On 09 Jul 2015, at 15:37, Ben Curtis <owncloud at nosolutions.com> wrote:
>> the former of which will require an almost entire rewrite
> That's not quite the fact. You can allow data: resources with custom CSP policies. See https://github.com/owncloud/core/pull/13989
Yea, I ended up figuring that out after I had started rewriting an
entire backend to store images (a few hours after sending this email). A
lucky search online brought up a GitHub page with the code change on it,
so I hunted for the pull request that had documentation with it. Thanks
for the followup, though.
In any event, there are quite a few users of my app, and I try to keep
them happy, but with me being an N of 1 and this not being full time,
it's tough to watch the beta changelogs and sift through for things that
could impact me.
A good example is this: https://github.com/hypery2k/owncloud/issues/344
A change in 8.1 broke the Roundcube plugin, used by thousands, in such a
way that login/logout actually brakes on the entire server. On top of
that, because of the user issue, 3rd party apps couldn't access the API.
So in a minor version change (8.0.5 to 8.1), things changed that created
a big list of GitHub entries across (potentially) many apps. It took me
quiet a while to identify that the problem wasn't in my app (basically,
enough users reporting it that were also running RoundCube). Hypery2k is
back on the fence about continuing his dev after this one, which would
Some form of alert system, perhaps a trackable page on GitHub, that
warns us in advance without having to track the entire progress of
ownCloud would be extremely handy.
More information about the Devel