Unsupported version of ownCloud server

Home Forums User Contributions OPI Support Unsupported version of ownCloud server

This topic contains 9 replies, has 6 voices, and was last updated by pa pa 7 months ago.

  • Author
    Posts
  • #918

    DarS
    Participant

    Hello,
    Since few weeks/months my ownCloud client on Linux has started to complain about unsupported server version installed in OPI appliance:
    The server version 6.0.7 is old and unsupported! Proceed at your own risk.

    How bad is this? Any security risk/exposure caused by 6.0.7?
    And of course the most important – is new, updated ownCloud server coming to OPI device soon?

    ownCloud web page suggests that ver. 6 and 7 are unsupported, and that ver. 8, 8.1, 8.2 and 9 are for production use.

    Best regards,
    -DarS

  • #919
    Tor Krill
    Tor Krill
    Keymaster

    Hi DarS,

    We are currently working on a general upgrade of the software on OPI and with that is a planned upgrade of the Owncloud component. There have though been some problems with precisely the Owncloud software that have delayed this. (They don’t support upgrades between more than one major revision and further more they have removed both the calendar and contacts UI into separate applications)

    So you will hopefully get an upgrade on this in the short future.

    Regarding security there are, of course, always risks with running elderly software with known problems. With that said, there are to our knowledge no known exploits being widely used against OC.

    /Tor

  • #923

    DarS
    Participant

    Thanks! I’m therefore waiting for this upgrade to come.

    In the meantime I bumped into another security-related issue, namely the certificates.

    One of the client applications (perhaps the ownCloud client, but it also could be calendar or email client, as I tested bunch of them recently) complained about SHA-1 Certificate:

    The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1

    I did not have time to investigate further, but I understand that SHA-1 is set for discontiniance from 2017. So I guess our devices would require new set of OPI certs in coming months.

    Regards,
    -DarS

    • #926
      pa
      pa
      Keymaster

      Hi DarS,

      Regarding the certificate, this is an issue that we are aware of. Currently we are looking at updating our certificate chain, but there are a lot of dependencies that comes along with that…

      We are also trying to get a certificate that is signed by a “trusted” CA, so that browsers and other applications does not complain about the certificate.

      /PA

  • #924

    murtagh
    Participant

    Have you looked into the OwnCloud fork called NextCloud? It seems to be a situation very similar to the OpenOffice/LibreOffice split a while back where the business people went one way and the technical people went the other. The technical people started NextCloud. At this point it is supposedly a drop-in replacement. It might be a better fit as an upstream source.

    Murtagh

    • #927
      Tor Krill
      Tor Krill
      Keymaster

      Hi murtagh,

      We are of course aware of the NextCloud fork of Owncloud. We however decided to first look into the upgrade of the old Owncloud to a newer version. Further more we would like the dust to settle a bit before we evaluate the situation and then decide if a change would be the right thing to do.

      With that said Nextcloud seems to address many of the “issues” we have with the Owncloud organization. (Such as the split in an enterprise vs community edition, the CLA for contributions and other rubbish.)

      /Tor

  • #930

    harrijer
    Participant

    I know this may start a religious war – but would you consider separating the caldav/carddav out of owncloud/nextcloud/andthenextfalloutafterthenextcloud?

    I’m considering installing a Baikal server just so that I can break the dependency between Owncloud and having an up to date caldav server.

    I am looking at Baikal (on a different machine) as it is the same Sabre stuff under the covers and is now part of Sabre.

    But I’m not an expert 🙂 So if you could do it on the opi I would obviously prefer it 😉

    Just an idea to throw into the pot.

    /J

  • #931
    pa
    pa
    Keymaster

    No fear of getting into a war with us, thoughts and comments are always welcome.

    The ‘owncloud/nextcloud/….’ business is definitely worrying, and we have many times thought of what and how we can live without that.
    One option is just as you say to break the functionality into separate software, and while it might be fairly straight forward doing that on a single system to make it work, it is a lot more to think about before it can be rolled out in production.
    But we are looking and thinking about this kind of things.

    /PA

  • #948

    kivinen
    Participant

    Any progress on this? When are we going to get updated ownCloud server?

  • #961
    pa
    pa
    Keymaster

    Hi,

    I have just posted an updated on what we are currently up to, including the update “plan”.

    Thoughts and updates

    /PA

You must be logged in to reply to this topic.

Posted in