From 2cae709a84ae55416536895b7c6c801ab2425f19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= <1005065+DeepDiver1975@users.noreply.github.com> Date: Tue, 14 Apr 2026 12:15:59 +0200 Subject: [PATCH 1/3] feat: add ownCloud 10.16.2RC1 release candidate build Adds 10.16.2RC1 to the CI matrix using the daily testing tarball and comments out CVE-2026-32935 and GHSA-27qh-8cxx-2cr5 in .trivyignore as they will be fixed in 10.16.2. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/main.yml | 3 +++ .trivyignore | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 09d8ed5..ac3a2bc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -33,6 +33,9 @@ jobs: - version: 11.0.0-prealpha tarball: https://download.owncloud.com/server/daily/owncloud-daily-master.tar.bz2 base: v24.04 + - version: 10.16.2RC1 + tarball: https://download.owncloud.com/server/testing/owncloud-complete-20260414.tar.bz2 + base: v22.04 - version: 10.16.1 tarball: https://download.owncloud.com/server/stable/owncloud-complete-20260218.tar.bz2 base: v22.04 diff --git a/.trivyignore b/.trivyignore index 344670f..a2b63b0 100644 --- a/.trivyignore +++ b/.trivyignore @@ -8,5 +8,6 @@ CVE-2025-45769 # will be fixed with oc 10.16.2 and 11.0.0 -CVE-2026-32935 -GHSA-27qh-8cxx-2cr5 +# CVE-2026-32935 + +# GHSA-27qh-8cxx-2cr5 From 611d94c0650b4f264c1823435ab897310b990196 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= <1005065+DeepDiver1975@users.noreply.github.com> Date: Tue, 14 Apr 2026 12:24:46 +0200 Subject: [PATCH 2/3] chore: re-enable GHSA-27qh-8cxx-2cr5 ignore for php7.4 No fixed version is available for php7.4, so the CVE must remain ignored. Add a clarifying comment explaining the reason. Co-Authored-By: Claude Sonnet 4.6 --- .trivyignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.trivyignore b/.trivyignore index a2b63b0..05293f2 100644 --- a/.trivyignore +++ b/.trivyignore @@ -10,4 +10,6 @@ CVE-2025-45769 # CVE-2026-32935 -# GHSA-27qh-8cxx-2cr5 +# with php7.4 there is no version available which fixes the following + +GHSA-27qh-8cxx-2cr5 From 6c317924f680c28b1dd3e1ae4e005c9a402bf358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= <1005065+DeepDiver1975@users.noreply.github.com> Date: Tue, 14 Apr 2026 12:49:56 +0200 Subject: [PATCH 3/3] chore: restore CVE-2026-32935 ignore with TODO reminder Re-enables the CVE-2026-32935 ignore entry and adds a TODO comment to remove it once ownCloud 10.16.2 is released. Co-Authored-By: Claude Sonnet 4.6 --- .trivyignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.trivyignore b/.trivyignore index 05293f2..e84084b 100644 --- a/.trivyignore +++ b/.trivyignore @@ -6,9 +6,9 @@ CVE-2024-51736 CVE-2025-45769 -# will be fixed with oc 10.16.2 and 11.0.0 +# will be fixed with oc 10.16.2 and 11.0.0 - TODO: remove once 10.16.2 is out -# CVE-2026-32935 +CVE-2026-32935 # with php7.4 there is no version available which fixes the following