[owncloud-devel] [Request] Blog with security updates that impact Apps

Jos Poortvliet jospoortvliet at gmail.com
Fri Jul 10 09:28:18 GMT 2015

On Thursday 09 July 2015 16:49:00 Ben Curtis wrote:
> On 7/9/15 10:01 AM, Lukas Reschke wrote:
> >> On 09 Jul 2015, at 15:37, Ben Curtis <owncloud at nosolutions.com> wrote:
> >> 
> >> the former of which will require an almost entire rewrite
> > 
> > That's not quite the fact. You can allow data: resources with custom CSP
> > policies. See https://github.com/owncloud/core/pull/13989
> Yea, I ended up figuring that out after I had started rewriting an
> entire backend to store images (a few hours after sending this email). A
> lucky search online brought up a GitHub page with the code change on it,
> so I hunted for the pull request that had documentation with it. Thanks
> for the followup, though.
> In any event, there are quite a few users of my app, and I try to keep
> them happy, but with me being an N of 1 and this not being full time,
> it's tough to watch the beta changelogs and sift through for things that
> could impact me.
> A good example is this: https://github.com/hypery2k/owncloud/issues/344
> A change in 8.1 broke the Roundcube plugin, used by thousands, in such a
> way that login/logout actually brakes on the entire server. On top of
> that, because of the user issue, 3rd party apps couldn't access the API.
> So in a minor version change (8.0.5 to 8.1)

Note that ownCloud 8.1 is as big a release as 8.0 or 7.0 - we just have a new 
numbering now, with all releases in a year having the same major number. I 
know, this isn't the most logical thing but otherwise we'd end up at ownCloud 
30.0.3 within a few years...

Otherwise I fully support your request and, actually, I'm about to publish a 
blog about changes for developers in ownCloud 8.1.


> , things changed that created
> a big list of GitHub entries across (potentially) many apps. It took me
> quiet a while to identify that the problem wasn't in my app (basically,
> enough users reporting it that were also running RoundCube). Hypery2k is
> back on the fence about continuing his dev after this one, which would
> be unfortunate.
> Some form of alert system, perhaps a trackable page on GitHub, that
> warns us in advance without having to track the entire progress of
> ownCloud would be extremely handy.
> Thanks,
> Ben
> _______________________________________________
> Devel mailing list
> Devel at owncloud.org
> http://mailman.owncloud.org/mailman/listinfo/devel

Everything I do and say is based on my view of the world today. I am not 
responsible for changes in the world, nor my view on it. Everything I say is 
meant in a positive and friendly way, unless explicitly stated otherwise.
find me on blog.jospoortvliet.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.owncloud.org/pipermail/devel/attachments/20150710/a040a0a7/attachment.sig>

More information about the Devel mailing list