feat: add ownCloud 10.16.2 stable release (#599)

DeepDiver1975 · claude · web-flow · commit 05521e4969a1 · 2026-04-23T10:40:42.000Z
* feat: add ownCloud 10.16.2 stable release - Replace 10.16.2RC1 with 10.16.2 stable tarball - Migrate CVE suppression to per-version scoped .trivyignore files - Delete root .trivyignore - Update README to explicit version tags only Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: add CVE suppressions for 10.16.2 trivy scan - CVE-2024-51736: windows-only (symfony/process in updater vendor) - GHSA-27qh-8cxx-2cr5: bundled aws-sdk-php 3.337.3 in files_primary_s3, fix requires ownCloud to update Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: add CVE-2026-32935 to 10.15.3 trivyignore Will be fixed with oc 10.16.2. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: add CVE-2026-32935 to 10.16.1 trivyignore Will be fixed with oc 10.16.2. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: fix trivyignore files based on actual scan results - Remove stale CVE-2025-45769 (not present in any image) - Add CVE-2026-32935 to 11.0.0-prealpha (phpseclib 3.0.49 affected) - Fix GHSA-27qh-8cxx-2cr5 comment: not a php7.4 issue, bundled aws-sdk-php vendor Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add extra-tags to matrix entries - 10.16.2: also publishes 10.16, 10, latest - 10.15.3: also publishes 10.15 - 10.16.1, 11.0.0-prealpha: explicit version tag only Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -24,24 +24,36 @@ jobs:
       docker-build-args: |
         TARBALL_URL=${{ matrix.release.tarball }}
       push: ${{ github.ref == 'refs/heads/master' }}
+      trivy-ignore-files: ${{ matrix.release.trivy-ignore }}
+      docker-extra-tags: ${{ matrix.release.extra-tags }}
     secrets:
       docker-hub-password: ${{ secrets.DOCKERHUB_TOKEN }}
 
     strategy:
       matrix:
         release:
-          - version: 11.0.0-prealpha
-            tarball: https://download.owncloud.com/server/daily/owncloud-daily-master.tar.bz2
-            base: v24.04
-          - version: 10.16.2RC1
-            tarball: https://download.owncloud.com/server/testing/owncloud-complete-20260414.tar.bz2
+          - version: 10.16.2
+            tarball: https://download.owncloud.com/server/stable/owncloud-complete-20260422.tar.bz2
             base: v22.04
+            trivy-ignore: v22.04/10.16.2/.trivyignore
+            extra-tags: |
+              10.16
+              10
+              latest
           - version: 10.16.1
             tarball: https://download.owncloud.com/server/stable/owncloud-complete-20260218.tar.bz2
             base: v22.04
+            trivy-ignore: v22.04/10.16.1/.trivyignore
           - version: 10.15.3
             tarball: https://download.owncloud.com/server/stable/owncloud-complete-20250703.tar.bz2
             base: v22.04
+            trivy-ignore: v22.04/10.15.3/.trivyignore
+            extra-tags: |
+              10.15
+          - version: 11.0.0-prealpha
+            tarball: https://download.owncloud.com/server/daily/owncloud-daily-master.tar.bz2
+            base: v24.04
+            trivy-ignore: v24.04/11.0.0-prealpha/.trivyignore
 
   update-docker-hub-description:
     needs: build
diff --git a/.trivyignore b/.trivyignore
diff --git a/README.md b/README.md
@@ -29,8 +29,10 @@ ownCloud is an open-source file sync, share and content collaboration software t
 
 ## Docker Tags and respective Dockerfile links
 
-- [`10.16.0`](https://github.com/owncloud-docker/server/blob/master/v22.04/Dockerfile.multiarch) available as `owncloud/server:10.16.0`, `owncloud/server:10.16`, `owncloud/server:10`, `owncloud/server:latest`
-- [`10.15.3`](https://github.com/owncloud-docker/server/blob/master/v22.04/Dockerfile.multiarch) available as `owncloud/server:10.15.3`, `owncloud/server:10.15`
+- [`10.16.2`](https://github.com/owncloud-docker/server/blob/master/v22.04/Dockerfile.multiarch) available as `owncloud/server:10.16.2`
+- [`10.16.1`](https://github.com/owncloud-docker/server/blob/master/v22.04/Dockerfile.multiarch) available as `owncloud/server:10.16.1`
+- [`10.15.3`](https://github.com/owncloud-docker/server/blob/master/v22.04/Dockerfile.multiarch) available as `owncloud/server:10.15.3`
+- [`11.0.0-prealpha`](https://github.com/owncloud-docker/server/blob/master/v24.04/Dockerfile.multiarch) available as `owncloud/server:11.0.0-prealpha`
 
 ## Default volumes
 
diff --git a/v22.04/10.15.3/.trivyignore b/v22.04/10.15.3/.trivyignore
@@ -0,0 +1,8 @@
+# vulnerability is affecting windows only
+CVE-2024-51736
+
+# fix requires ownCloud to update bundled aws-sdk-php (3.226.0 -> 3.371.4) in files_primary_s3
+GHSA-27qh-8cxx-2cr5
+
+# will be fixed with oc 10.16.2 - TODO: remove once 10.16.2 is available for this branch
+CVE-2026-32935
diff --git a/v22.04/10.16.1/.trivyignore b/v22.04/10.16.1/.trivyignore
@@ -0,0 +1,8 @@
+# vulnerability is affecting windows only
+CVE-2024-51736
+
+# fix requires ownCloud to update bundled aws-sdk-php (3.226.0 -> 3.371.4) in files_primary_s3
+GHSA-27qh-8cxx-2cr5
+
+# will be fixed with oc 10.16.2 - TODO: remove once 10.16.2 is available for this branch
+CVE-2026-32935
diff --git a/v22.04/10.16.2/.trivyignore b/v22.04/10.16.2/.trivyignore
@@ -0,0 +1,5 @@
+# vulnerability is affecting windows only
+CVE-2024-51736
+
+# fix requires ownCloud to update bundled aws-sdk-php (3.337.3 -> 3.371.4) in files_primary_s3
+GHSA-27qh-8cxx-2cr5
diff --git a/v24.04/11.0.0-prealpha/.trivyignore b/v24.04/11.0.0-prealpha/.trivyignore
@@ -0,0 +1,5 @@
+# vulnerability is affecting windows only
+CVE-2024-51736
+
+# will be fixed with oc 11.0.0 - TODO: remove once fixed
+CVE-2026-32935
