Skip to content

Commit d8da9fa

Browse files
chore: update changelog
1 parent 7da5538 commit d8da9fa

1 file changed

Lines changed: 111 additions & 5 deletions

File tree

CHANGELOG.md

Lines changed: 111 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,14 @@ ownCloud admins and users.
3838

3939
## Summary
4040

41+
* Security - Prevent user enumeration via differential password reset UI: [#41586](https://github.com/owncloud/core/pull/41586)
42+
* Bugfix - Add missing space to mail footer signature delimiter: [#41364](https://github.com/owncloud/core/issues/41364)
43+
* Bugfix - Fix htaccess RewriteBase rules blocking API requests by file extension: [#41418](https://github.com/owncloud/core/issues/41418)
44+
* Bugfix - Fix subadmin email change updating caller's address instead of target's: [#41574](https://github.com/owncloud/core/pull/41574)
45+
* Bugfix - Adjust code to avoid PHP8 messages: [#41597](https://github.com/owncloud/core/pull/41597)
46+
* Bugfix - Support federation between systems in subdirectories: [#41599](https://github.com/owncloud/core/pull/41599)
47+
* Bugfix - Remove owncloud.com/federation link from federated cloud settings: [#41608](https://github.com/owncloud/core/pull/41608)
48+
* Bugfix - Fix JS test isolation bugs exposed by Jasmine 5 random test ordering: [#41616](https://github.com/owncloud/core/pull/41616)
4149
* Change - Update M$ Office icons: [#41347](https://github.com/owncloud/core/pull/41347)
4250
* Change - No longer store auto loader information in any memory cache: [#41376](https://github.com/owncloud/core/pull/41376)
4351
* Change - Update PHP dependencies: [#41450](https://github.com/owncloud/core/pull/41450)
@@ -47,6 +55,89 @@ ownCloud admins and users.
4755

4856
## Details
4957

58+
* Security - Prevent user enumeration via differential password reset UI: [#41586](https://github.com/owncloud/core/pull/41586)
59+
60+
The login form showed a "Reset it?" link only when a valid user on a backend
61+
that supports password changes was detected. LDAP users produced a different
62+
response than non-existent users, allowing unauthenticated enumeration of
63+
accounts on those backends. The backend capability check has been removed; the
64+
reset link is now shown uniformly regardless of user existence or backend type.
65+
66+
https://github.com/owncloud/core/pull/41586
67+
68+
* Bugfix - Add missing space to mail footer signature delimiter: [#41364](https://github.com/owncloud/core/issues/41364)
69+
70+
We've fixed the signature delimiter in the email footer templates. The delimiter
71+
on the first line was missing the trailing space required by the signature block
72+
convention (RFC 3676), so mail clients were unable to recognize and collapse the
73+
signature. The delimiter is now correctly written as "-- " (dash-dash-space).
74+
75+
https://github.com/owncloud/core/issues/41364
76+
https://github.com/owncloud/core/pull/41617
77+
78+
* Bugfix - Fix htaccess RewriteBase rules blocking API requests by file extension: [#41418](https://github.com/owncloud/core/issues/41418)
79+
80+
Files whose names end in extensions like .jpg, .png, .svg, .json and others
81+
could not be marked as favorites or have their tags updated via the files API
82+
when htaccess.RewriteBase was configured. The .htaccess rules generated by `occ
83+
maintenance:update:htaccess` used a URI extension check to skip routing through
84+
index.php, which inadvertently blocked API requests to paths like
85+
`/apps/files/api/v1/files/photo.jpg`, returning 405 Method Not Allowed.
86+
87+
The fix replaces the extension-based condition with `RewriteCond
88+
%{REQUEST_FILENAME} !-f`, which correctly routes virtual API paths through
89+
index.php while still serving actual static files directly.
90+
91+
https://github.com/owncloud/core/issues/41418
92+
93+
* Bugfix - Fix subadmin email change updating caller's address instead of target's: [#41574](https://github.com/owncloud/core/pull/41574)
94+
95+
The verification token and confirmation link in the subadmin path of
96+
setMailAddress were associated with the caller's account instead of the target
97+
user's account. Clicking the confirmation link changed the subadmin's email
98+
rather than the intended target's email.
99+
100+
https://github.com/owncloud/core/pull/41574
101+
102+
* Bugfix - Adjust code to avoid PHP8 messages: [#41597](https://github.com/owncloud/core/pull/41597)
103+
104+
Avoid trying to access array offset on false in the encryption storage wrapper.
105+
106+
Handle passing null to normalizeUrl in the federation DbHandler.
107+
108+
https://github.com/owncloud/core/pull/41597
109+
110+
* Bugfix - Support federation between systems in subdirectories: [#41599](https://github.com/owncloud/core/pull/41599)
111+
112+
If a federated server was installed in a subdirectory like:
113+
114+
Mydomain.com/cloud
115+
116+
Then checks to see that the server is up and responding would fail. This problem
117+
has been corrected.
118+
119+
https://github.com/owncloud/core/pull/41599
120+
121+
* Bugfix - Remove owncloud.com/federation link from federated cloud settings: [#41608](https://github.com/owncloud/core/pull/41608)
122+
123+
The "Add to your website" feature in the personal federation settings was
124+
generating a link to https://owncloud.com/federation# which no longer works
125+
after owncloud.com was restructured. The federation Cloud ID is now displayed
126+
directly without linking to the defunct external page.
127+
128+
https://github.com/owncloud/core/pull/41608
129+
130+
* Bugfix - Fix JS test isolation bugs exposed by Jasmine 5 random test ordering: [#41616](https://github.com/owncloud/core/pull/41616)
131+
132+
Several JS test specs left shared singleton state dirty between tests, causing
133+
intermittent failures when Jasmine 5 ran tests in random order. Fixed
134+
OC._currentMenu leak in fileactionsmenuSpec, stale OCA.Files.fileActions
135+
reference causing infinite recursion in files_sharing/appSpec, and stale models
136+
in the OC.SystemTags.collection singleton in systemtagsinfoviewSpec and
137+
systemtagsinputfieldSpec.
138+
139+
https://github.com/owncloud/core/pull/41616
140+
50141
* Change - Update M$ Office icons: [#41347](https://github.com/owncloud/core/pull/41347)
51142

52143
Icons have been updated according to the M$ cloud storage partner program
@@ -67,35 +158,50 @@ ownCloud admins and users.
67158

68159
* google/apiclient (v2.19.0 to v2.19.3)
69160

70-
* google/apiclient-services (v0.435.0 to v0.441.1)
161+
* google/apiclient-services (v0.435.0 to v0.444.0)
71162

72-
* google/auth (v1.50.0 to v1.50.1)
163+
* google/auth (v1.50.0 to v1.51.0)
73164

74165
* guzzlehttp/psr7 (2.8.0 to 2.10.4)
75166

76-
* guzzlehttp/guzzle (7.10.0 to 7.11.0)
167+
* guzzlehttp/guzzle (7.10.0 to 7.11.1)
77168

78169
* guzzlehttp/promises (2.3.0 to 2.4.1)
79170

80171
* laravel/serializable-closure (v2.0.10 to v2.0.13)
81172

82-
* phpseclib/phpseclib (3.0.49 to 3.0.50)
173+
* phpseclib/phpseclib (3.0.49 to 3.0.53)
83174

84175
* pimple/pimple (3.6.1 to 3.6.2)
85176

177+
* sabre/event (5.1.7 to 5.1.8)
178+
86179
* sabre/vobject (4.5.8 to 4.6.0)
87180

88-
* symfony/deprecation-contracts (v3.6.0 to v3.7.0)
181+
* symfony/console (v7.4.7 to v7.4.13)
89182

90183
* symfony/mailer (v7.4.6 to v7.4.12)
91184

185+
* symfony/process (v7.4.5 to v7.4.13)
186+
187+
* symfony/routing (v7.4.6 to v7.4.13)
188+
189+
* symfony/string (v7.4.6 to v7.4.13)
190+
191+
* symfony/translation (v7.4.6 to v7.4.10)
192+
193+
* symfony/deprecation-contracts (v3.6.0 to v3.7.0)
194+
195+
* symfony/translation-contracts (v3.6.1 to v3.7.0)
196+
92197
https://github.com/owncloud/core/pull/41450
93198
https://github.com/owncloud/core/pull/41477
94199
https://github.com/owncloud/core/pull/41495
95200
https://github.com/owncloud/core/pull/41561
96201
https://github.com/owncloud/core/pull/41564
97202
https://github.com/owncloud/core/pull/41569
98203
https://github.com/owncloud/core/pull/41590
204+
https://github.com/owncloud/core/pull/41613
99205

100206
* Change - Drop command db:convert-type: [#41451](https://github.com/owncloud/core/pull/41451)
101207

0 commit comments

Comments
 (0)