Part 1: Overview and How to Load Extensions

Introduction to Web Applications in oCIS

In today’s fast-paced digital world, web applications play a crucial role in enhancing user experience and functionality. Infinite Scale comes with a world-class web interface to manage file resources, but it can be extended by utilizing ownCloud Infinite Scale (oCIS) as a construction set for custom web apps.

For organizations using oCIS, understanding how to leverage web applications can significantly enhance their productivity and user engagement.

In this series, we will delve into the world of web applications in oCIS, focusing on how extensions are loaded and utilized.

Use Cases and Benefits of Custom Extensions

The ability to provide custom extensions in oCIS opens up myriad possibilities for organizations. Here are some key use cases and benefits:

1. Tailored User Experience:
   Custom extensions allow organizations to create a unique user experience that aligns with their specific needs. For instance, a company can develop a custom dashboard that displays relevant metrics and reports, enhancing productivity and decision-making.
2. Third-party Integrations:

   Web applications enable seamless integration with third-party services and tools, enhancing overall functionality. Organizations can integrate CRM systems, marketing automation tools, or custom data visualization tools directly into their oCIS environment, providing a seamless workflow for users.
3. Enhanced Security and Compliance:

   Custom extensions can help organizations adhere to specific security and compliance requirements by adding features like custom authentication mechanisms, data encryption tools, or compliance reporting modules.
4. Branding and Identity:

   By customizing the look and feel of the web applications, organizations can ensure their brand identity is consistently represented across their digital platforms. This can include custom themes, logos, and color schemes.
5. Innovative Features:

   Custom extensions allow organizations to experiment with new features and functionalities that are not available in the default setup. This can include AI-powered tools, advanced analytics, or unique collaboration features.

The ability to provide custom extensions makes oCIS a powerful and flexible platform that can adapt to the evolving needs of any organization. It empowers operators of the cloud to craft solutions that are not only functional but also aligned with their strategic goals.

Loading Extensions in oCIS

In oCIS, extensions can be loaded at both build time and runtime. Understanding the difference between these two methods is key to effectively managing and utilizing extensions.

• Build Time Extensions:

  These are integrated into the binary during the build process. They are part of the core system and cannot be altered without rebuilding the system. This ensures a stable and consistent environment where critical applications are always available.
• Runtime Extensions:

  These are loaded dynamically at runtime, providing greater flexibility. They can be placed in a designated directory and are automatically picked up by the system. This allows you to easily add, update, or remove extensions as needed, without the need for a system rebuild.

Extensions, also known as apps, are written in JavaScript, but we use TypeScript because of all its benefits. TypeScript enhances the development process with features such as static typing, which helps catch errors early and improves code maintainability and scalability.

How to Load Extensions

1. Build Time Extensions:
   • Located in <ocis_repo>/services/web/assets/apps.
   • Integrated into the system during the build process.
   • These extensions are part of the binary and cannot be modified at runtime.

1. Runtime Extensions:
   • Stored in the directory specified by the WEB_ASSET_APPS_PATH environment variable.
   • By default, this path is $OCIS_BASE_DATA_PATH/web/apps, but it can be customized.
   • Runtime extensions are automatically loaded from this directory, making it easy to add or remove extensions without rebuilding the system.

The ability to load extensions at runtime is particularly powerful, as it allows for a high degree of customization and flexibility. You can quickly respond to changing needs by adding new functionality or removing outdated extensions.

Manifest File

Each web application must include a manifest.json or manifest.yaml file. This file contains essential information about the application, including its entry point and configuration details.

Example of a manifest.json file:
{ "entrypoint": "index.js",
 "config": {
  "maxWidth": 1280,
  "maxHeight": 1280
 }
}

The manifest file ensures that the system correctly recognizes and integrates the extension. It is a crucial component for defining how the web application should be loaded and what configurations it requires.

Custom Configuration and Overwriting Options

You can provide custom configurations in the $OCIS_BASE_DATA_PATH/config/apps.yaml file. This allows for fine-tuning of each extension’s behavior and settings.
The apps.yaml file can contain custom settings that overwrite the default configurations specified in the extension’s manifest.json file.

Example of apps.yaml file:
image-viewer-obj:
 config:
  maxHeight: 640
  maxSize: 512

In this example, the maxHeight value specified in the apps.yaml file will overwrite the value from the manifest.json file.
 
This provides you with the flexibility to customize extensions to better meet the specific needs of their environment.

Using Custom Assets

Besides configuration, you might need to customize certain assets within an extension, such as logos or images.
This can be achieved by placing the custom assets in the path defined by WEB_ASSET_APPS_PATH.
For instance, if the default image-viewer-dfx application includes a logo that an organization wants to replace, they can place the new logo in a directory structured like WEB_ASSET_APPS_PATH/image-viewer-dfx/logo.png.

The system will load this custom asset, replacing the default one. This method allows for easy and effective customization without altering the core application code.

Configuration Example

To illustrate how custom configurations and assets work together, consider the following scenario:
Default Configuration:
 "entrypoint": "index.js",
 "config": {
  "maxWidth": 1280,
  "maxHeight": 1280
 }
}

Custom Configuration in apps.yaml:
image-viewer-obj:
 config:
  maxHeight: 640
  maxSize: 512

Final Merged Configuration:
{
 "external_apps": [
  {
   "id": "image-viewer-obj",
   "path": "index.js",
   "config": {
    "maxWidth": 1280,
    "maxHeight": 640,
    "maxSize": 512
   }
  }
 ]
}

This example demonstrates how the system merges default and custom configurations to create the final settings used by the application.

Conclusion

In this first part of our series, we’ve covered the basics of web applications in oCIS, focusing on the importance of web applications, how extensions are loaded, and how you can customize these extensions through configuration and asset overwriting.

Understanding these fundamentals is crucial for effectively managing and leveraging web applications in oCIS.

In the next post, we will dive deeper into the process of writing and running a basic extension.

Stay tuned for detailed instructions and tips on getting started with your first web extension in oCIS.

Resources:

• Web Readme
• Overview of Available Extensions
• Introduction PR
• Design Document and Requirements

All Data Stays on Your Server

Secure View is an exclusive feature in the Web Office Suite Collabora. When you share your documents in ownCloud with the “Secure View” permission, they can be securely viewed within the Collabora application. Your documents stay secure because they never leave your server with Collabora. Instead, Collabora sends only a kind of “video stream” of the document needed to display it on the user’s screen. The actual document stays safe behind your security measures like firewalls, VPNs, and reverse proxies. Only the visible parts of the document are sent as images, not the original file via Collabora. This means that no one can extract the document without your permission. Even if someone gets access to the view, they can’t extract the document itself.

Digital Watermarks Make Screenshots Useless

For added security, watermarks with the viewer’s name are applied to the document view. This discourages sharing screenshots of sensitive information and ensures accountability, helping to keep your latest product plans and other confidential data safe.

Michael Meeks, CEO, Collabora Productivity

“Collabora is built with security in mind. We implement a robust, layered approach that helps give our customers the confidence in our products and the peace of mind they demand. We love to work with ownCloud, a Kiteworks Company, to make that happen.”

This Is How You Share a Document in Secure View

Secure View is a sharing role with special permissions. To share a document in Secure View, select “Can view (secure)” in the dialog.

Understanding the Difference

Compare the permissions of Secure View role “Can view (secure)” with the other roles.

Demo: Try now

Try Secure View here (no registration needed):

Online Demo

1. Log in as Einstein:
   • Username: einstein
   • Password: relativity
2. Create a Document:
   • Name it “For Marie.odt”
   • Share the Document:
   • Share “For Marie.odt” with user Marie
3. Log in as Marie:
   • Username: marie
   • Password: radioactivity
4. Open the Shared Document:
   • Go to shares and open “For Marie.odt”
5. Check the Watermark:
   Note the watermark “Albert Einstein einstein@example.org” on the document

In addition to our Production releases, you can now install the new release type Rolling, which allows you to experience the latest features without having to wait for a Production release. The Rolling release offers access to the latest features and improvements every three weeks. This new release type complements our existing Production and Daily releases, providing a flexible and dynamic update cycle perfect for early adopters and enthusiasts.

Advantages of the Rolling Release

The Rolling release is designed for users who want to get the latest greatest features. Here are the key benefits:

• Frequent Updates: Receive the latest features and improvements every three weeks, ensuring your ownCloud instance is always up-to-date.
• Enhanced Features: Benefit from newly completed features regularly, giving you access to cutting-edge functionalities.
• Great for Non-critical Data: Ideal for environments where having the latest features is more important than having the lowest possible risk.

Understanding the Differences

Production Release

• Target Audience: Suitable for everyone, especially those managing critical data.
• Frequency: Released approximately every six months.
• Risk Level: Low (known) risk, with extensive testing and support.
• Support: Commercially supported with service-level agreements (SLA)
• Updates: Patch releases for critical and security bugs.
• Best for: Users who prioritize stability and have critical data needs.

Rolling Release

• Target Audience: Early adopters and those who want the latest features without waiting for Production releases.
• Frequency: Every three weeks.
• Risk Level: Low to medium risk, with structured but not exhaustive testing.
• Support: Company support available on special agreement.
• Updates: Continuous updates every three weeks with a clear upgrade path from previous rolling releases.
• Best for: Users with non-critical data who want frequent updates and new features.

Daily Release

• Target Audience: Developers and testers who need the latest changes and are willing to accept higher risks.
• Frequency: Daily.
• Risk Level: High (unknown) risk, primarily tested by automated test suites.
• Support: Community support.
• Updates: No structured updates, intended for testing purposes.
• Best for: Developers looking for the latest changes for development and testing.

Who Should Use Which Release Type?

• Production Release: Ideal for users with critical data and a need for maximum stability and support.
• Rolling Release: Perfect for early adopters and businesses that prioritize having the latest features and can tolerate minor risks.
• Daily Release: Best for developers and testers who require the most up-to-date code and are prepared for potential instability.

6 Key Features You Get With the Rolling Release:

1. Federated Sharing

Break down barriers and collaborate seamlessly across organizations with our advanced Federated Sharing feature, built on the Open Cloud Mesh (OCM) 1.1 standard. Work on files from anywhere in the world as if they were on your own computer, enhancing productivity and streamlining workflow.

2. Robust Password Policy

Ensure the highest level of security with customizable password policy framework. Administrators can define rules to enforce compliance regulations, while users are guided to create strong, secure passwords. Say goodbye to weak passwords with our optional list of banned passwords.

3. Powerful Search Filters

Finding the files you need has never been easier. Our enhanced Search Filters allow users to quickly locate files based on type, modification date, and other relevant metadata. Spend less time searching and more time being productive.

4. Simplified Shares

Shares are now much more clearly organized, including filter and search functions.

Managing shares is now a breeze with our revamped Shares interface. Gain a clear overview of incoming, outgoing, and pending shares, all in one user-friendly dashboard. Limit the shares displayed, hide unwanted shares, or find hidden shares with ease using our intuitive filter buttons and search function.

5. Shortcuts

Create shortcuts to link to websites or files.

Save storage and streamline workflows with our new Shortcuts feature. Create quick reference links to websites or files, reducing the need for copies or new versions of files. Bring the convenience of desktop shortcuts to your private cloud.

6. Enhanced Tags, Duplicate Space, and WebDAV URL

Tags are now directly in the details panel.

For advanced users: The WebDAV path can be shown in the details panel, allowing you to use WebDAV in third-party tools.

Easily duplicate a Space so that you can reuse it.

Infinite Scale 5 introduces a dedicated panel for tag management, with tags now visible directly in the file menu. Duplicate spaces with a single click and automate the process for batch actions. Access files easily with the direct WebDAV URL now available in the File Details menu.

How to Get the Rolling Release

Start using the Rolling release via Docker.

Docker

Pull the Docker Image:

docker pull owncloud/ocis-rolling:latest

Download the Binary

Download the binary from our official download server:

https://download.owncloud.com/ocis/ocis/rolling/

GitHub

Get the latest binaries or sourcecode from GitHub:

https://github.com/owncloud/ocis/releases/latest

Read all about the release life cycle

Thank you for being a part of the ownCloud community!

ownCloud Infinite Scale is a user-centric, cloud-native, open source, file sharing and collaboration platform that offers infinite scalability and enables complete digital sovereignty. Now, it is possible to set up and test this powerful product on your own computer with just a few easy steps. The set-up script runs on 64 bit AMD/Intel CPU based Linux machines, 64 bit Raspberry Pi with Raspbian OS, and MacOSX. The flavor of Linux should not make a difference. But even if you just have a Windows machine at your disposal, you have the chance to explore the possibilities of ownCloud Infinite Scale! You just have to enable the Windows Subsystem for Linux (WSL).

In this guide, we will show you how to set up Windows Subsystem for Linux (WSL)  on your Windows machine, walk you through the installation process of ownCloud Infinite Scale on a Linux system, and outline a quick testing process.

How to install Linux on Windows with WSL

Windows Subsystem for Linux (WSL) is a feature of Windows that allows you to run a Linux environment on your Windows machine, without the need for a separate virtual machine or dual booting. Follow Microsoft’s official documentation to easily install WSL on your Windows system. Now you are ready to test Infinite Scale.

Set up and test Infinite Scale on Linux

1. Open a terminal on your device and navigate to a directory within your home where you have the capacity to store data.
2. Type the following command line (however, not as user root):
3. curl -L https://owncloud.com/runocis.sh | /bin/bash

This automatically pulls the latest stable version of Infinite Scale from the official download server of ownCloud onto your computer. It creates a configuration and a start script, and starts the server. The script detects the platform that you are running to download the right binary version.

1. Once the server is started, Infinite Scale’s web client can be accessed by visiting the URL https://localhost:9200/.
2. Since this is an installation for testing purposes only, it does not have a proper certificate configured. That is why your browser is complaining about the certificate. You have to accept the certificate as a security exception in order to proceed.  (In Chrome, click on “Advanced” in the security warning and then on “Proceed to lacalhost (unsafe)”. In other browsers, this works similarly. And indeed, that is one of the reasons why you’re not supposed to use this sneak peak in production or even exposed to the internet.
   

   By clicking on “Advanced” you can bypass this message.

3. The set-up script also creates several demo users upon first start-up on your Infinite Scale in order to explore all the features especially different user groups. Please find the description of the demo users here .
4. Now you’re ready to log in with any of the demo users and explore the possibilities of Infinite Scale.
   

   Infinite Scale interface

Further information

1. The set-up script downloads the golang single binary of Infinite Scale down to the machine into a sandbox directory, called ocis-sandbox-<version>, chmod it to be executable and creates a working config and a data dir. All these happen with the privileges of the logged in user, no sudo or root involved. If you’re curious, you’re encouraged to double check the install script using, for example, the command curl -L https://owncloud.com/runocis.sh.
2. If the server is stopped by pressing Ctrl-C or if you closed the Linux window on a Windows machine, you can later restart it by changing into the sandbox directory and run the script that was left behind in the sandbox with the command  bash runocis.sh .
   

   Screenshot of Infinite Scale on Linux on Windows with WSL

3. The set-up script and the demo were tested on these platforms: 64 bit AMD/Intel CPU based Linux machines, 64 bit Raspberry Pi with Raspbian OS, MacOSX, and Windows Subsystem for Linux (WSL) with Ubuntu. The flavor of Linux should not make any difference.

Support and further resources

If you encounter a problem with the script or if you have suggestions for improvement, please get in touch with ownCloud CTO Klaas Freitag on Github. We are happy to receive issue reports or pull requests.

For further information and setups suitable for production, please refer to the Infinite Scale documentation.

The European Open Science Cloud (EOSC) is a groundbreaking initiative that aims to revolutionize scientific research collaboration in Europe. ownCloud GmbH was selected as a subcontractor of the Poznan Supercomputing and Networking Center (PSNC) in Lot 3 – Exchange Application Services for the EOSC EU Node.

ownCloud GmbH will play a crucial role in the digital infrastructure of the project, in particular by providing the flagship product ownCloud Infinite Scale. Collabora Office is integrated into Infinite Scale for seamless digital collaboration on Office documents. The system also enables the sharing and joint editing of Jupyter notebooks, which are popular in science. The solution forms the basis for the entire project structure and offers a scalable and powerful environment for managing and processing large volumes of research data. Potentially half a million users from the entire European science community will be able to use the system for smooth collaboration and data analysis within the EOSC project.

Holger Dyroff, Co-Founder, COO and Managing Director of ownCloud.

Holger Dyroff, COO of ownCloud GmbH explains: “We are proud to be part of the winning team of the tender and to make a significant contribution to the European Commission’s groundbreaking EOSC project. ownCloud Infinite Scale serves as the foundation for the entire project structure and provides a scalable and powerful environment for research data management. The high level of data security, fine-grained access control and easy integration with other scientific tools were also decisive factors in winning the contract. ”

He adds: “We are delighted that the European Science Cloud has chosen Infinite Scale, ownCloud’s flagship product. It has already proven its versatility and scalability in large projects with literally millions of users. This makes it the rock-solid and future-proof backbone of the EOSC. Furthermore, as an open source solution, ownCloud Infinite Scale is the basis for digital sovereignty at European level.”

The operational launch of the EOSC EU Node is planned for January to August 2024.

Companies and public authorities are increasingly striving for digital sovereignty. As public administration works with highly sensitive data, the German government’s digital strategy calls for authorities to have full sovereignty over their IT. Companies, on the other hand, are becoming increasingly aware that they need to be digitally independent in order to protect their intellectual property, secure competitive advantages and not restrict their ability to innovate.

According to ownCloud, public authorities and companies can already achieve complete digital sovereignty in the software stack. This state is achieved when their software applications guarantee independence on three decisive levels:

1. Data sovereignty. Data sovereign organizations are always autonomous with regard to their own data and do not have to fear unwanted access. This risk exists in particular when companies or public authorities do not operate IT systems themselves and do not host data themselves, but instead use external IT service providers and cloud services.

In these cases, it must be ensured that no unauthorized parties gain access, that the data is stored and processed in accordance with applicable law and that this right can be effectively enforced in case of doubt.

2. Operational sovereignty. Organizations must be independent of platforms when operating software. They should be free to decide where they want to operate an application: be it in their own data center, as a managed service with an IT service provider of their choice or in a public cloud. But the software itself must also guarantee independence. Companies and public authorities should be able to replace an application with an alternative solution at any time if necessary. To this end, the software must support open standards that enable all types of data to be transferred freely and without modification to other systems.

3. Technical sovereignty. Companies and public authorities should not have to blindly trust that software is working properly, but should be able to verify this themselves. This is only the case if they have full transparency about the source code of a software, i.e. if they use open source or shared source software.

Open source code enables organizations to convince themselves that a software does not contain any backdoors through which data can be leaked to third parties unnoticed. Their investments are also protected. If the provider disappears from the market, they can continue to develop the software independently.

Holger Dyroff, Co-Founder, COO and Managing Director of ownCloud.

“If you apply this model, it quickly becomes clear that digital sovereignty is not possible with the cloud platforms of the major US players. They do not guarantee independence on any of the three levels,” explains Holger Dyroff, Co-Founder, COO and Managing Director of ownCloud.

“Companies can only achieve one hundred percent digital sovereignty with solutions from the open source community – and this option is de facto open to them today. There is now a wide range of enterprise-grade open source applications that can easily compete with hyperscaler services in terms of user-friendliness and functionality.”

Learn how ownCloud ensures digital sovereignty for your sensitive data.

Read the original press release (German)

In July 2023, a total of 40 students and teachers from my school, the Gymnasium Eckental (near Nuremberg, Germany), embarked on a mandatory five-day long project seminar in the Austrian Alps. Our adventures included sleeping in cozy alpine huts, climbing the Rofan mountains and going on long hikes everyday along breathtaking mountain roads. It was the students who were solely responsible for planning every aspect of this adventure, including ensuring that the backpacks carried all the essentials, charting out the hiking routes and finding convenient places to stop for the nights. My responsibility was to curate and manage all the photos clicked during the course of our adventure.

I figured that everyone in our group would snap plenty of photos during the trip, as these moments were certainly worth cherishing for a lifetime. So, I started my search for a software that would allow each member to upload their photos and also access others’ photos effortlessly in a central platform. Ensuring that the platform offered easy organization and security was, of course, of vital importance. Plus, steering clear of public clouds with questionable privacy policies was a priority for me. That’s when I stumbled upon ownCloud Infinite Scale, and it turned out to be the ideal solution.

Photo Management Workflow

ownCloud Infinite Scale has greatly streamlined my photo management workflow. Its user-friendly web interface and mobile app make it exceptionally easy to handle, even when one is out hiking in the Alps! This mobile accessibility allowed me to efficiently organize photos during our trip, ultimately saving me a significant amount of work later on. Moreover, the self-hosting feature on a sponsored host ensures that our photos remain secure.

First, I set up dedicated upload areas for each user using ownCloud Infinite Scale’s “Spaces” feature. I shared these upload spaces in “File Drop” mode and distributed them to fellow students via QR codes. This approach ensured that each student had an individually accessible upload space, restricting access to only the photos each had uploaded.

As an administrator, this setup allowed me to moderate the images effectively. I could review and sort through the uploaded photos before transferring them to another designated space for all students to access. This ensured that only relevant and appropriate images were included in our seminar and tour collection.

The final space where I stored these images served as a shared gallery, which we access conveniently through a QR code. This gallery has become a valuable chance for us to revisit our great trip whenever we want.

With ownCloud Infinite Scale, accessing and sharing images is very simple and secure.

ownCloud Infinite Scale: Overall a great experience

I had a great experience working with ownCloud Infinite Scale because it not only provided a solution to all my wishes of a secure, personalized cloud, but was also incredibly easy to use on the go. Most of the students, including myself, brought only a smartphone on the trip. Yet the ownCloud mobile app made it simple to collect, access and manage the huge amount of pictures taken in a secure way. In conclusion, ownCloud Infinite Scale helped us with making the hiking trip unforgettable and keeping those memories accessible!

Your personal photos should be for your eyes only. Learn how ownCloud protects and secures your memories.

Your company was involved in the development of the BayernBox. What was the basic idea behind this project?

Dyroff: The idea behind BayernBox is to provide all local authorities in Bavaria with a central platform for data exchange and to accelerate the digitalization process in local administration. When we talk about local administration in Bavaria, we are talking about 2,000 individual bodies. These include small communities, municipalities , districts, associations and large districts.
They all face the challenge of digitizing their systems and processes at affordable costs while meeting high security and data protection requirements. One can probably well imagine that great synergy effects are possible with such a transformation.

Accordingly, implementation quickly picked up speed after we started with the first municipalities in 2019.
The fact that we have now broken the 1,000 mark naturally spurs us on to further develop the BayernBox. In addition to the web client, the desktop client was also recently rolled out, offering users even more convenience. And the range of functions is constantly being expanded.

Dyroff: Open source generally stands for the highest level of digital sovereignty and is therefore exactly the direction in which the digitalization of the public sector is developing. This is reflected in the federal government ‘s coalition agreement as well as in the first eGovernment laws at the federal state level.

In a few years, the majority of public procurement procedures will require the use of open-source software. The reason is simple: open source stands for the highest level of transparency, which fully enables security and data protection. And these two values ​​are of central importance, especially when it comes to public services.

Holger Dyroff, COO and Co-Founder, ownCloud

Is the BayernBox also a successful example of a sovereign solution that does not require hyperscalers?

Dyroff: Absolutely. I will just say this briefly and succinctly: In Germany we are not dependent on hyperscalers . This is especially true if data protection and data security really have to play a role. I am convinced that the Bavarian state government has taken the right path with BayernBox. It corresponds to the spirit of the Bavarian Digital Act, which has legally anchored open source as a new standard in procurement.
And the BayernBox has also met with a great response from Bavarian municipalities, as we were clearly told in discussions. For many employees, it is a central tool in everyday work for storing and sharing large amounts of data, for example not only documents but also videos, or simply collaborating with colleagues. Of course we are proud that we were able to create this opportunity.

Dyroff: In principle, it is the task of the individual federal states to decide on the implementation of such IT projects. We have no influence on that. Of course, as ownCloud we would welcome discussions with other federal states. I think that, in addition to the technical skills, we have a lot of know-how about the requirements that municipal IT has to cope with. We look forward to further collaboration with the Bavarian State Government and are always open to further developing the project and integrating new functionalities.

The original interview was published in German in eGovernment magazine on 29th November 2023.

You may have read or heard that ownCloud server instances may be affected by several high-priority vulnerabilities. On September 19, we notified all users with the release announcement for ownCloud server 10.13.1 about this critical update. 
If you followed the instruction in our previous communication, we thank you very much and you should be on the safe side. However, we recommend that you double check to ensure you applied all recommended measures (below). 

Vulnerabilities: 

CVE-2023-49103 Affects the GraphAPI 

CVE-2023-49104 Allows crafted redirect URLs that bypass validation 

CVE-2023-49105 Permits unauthorized file access, modification, or deletion 

 Affected Products: 

All ownCloud Server instances below version 10.13.3 are affected. Please check your current version to determine if an update is necessary. 
If you run at least ownCloud 10.13.1 and don’t use external storage you should also upgrade, but you aren’t subject to a security vulnerability. 
If you run ownCloud Infinite Scale or any of our managed services including ownCloud.Online you are NOT affected.  

Immediate Actions: 

• Update Immediately if you run any of the “Affected Products” listed above.
• App-Specific Updates: For GraphAPI (CVE-2023-49103) and OAuth2 (CVE-2023-49104), please update the apps via the provided marketplace links and remove the “GetPhpInfo.php” file. 
• Patch for Pre-Signed URL Issue: The WebDAV API Authentication Bypass (CVE-2023-49105) requires an upgrade to 10.13.3 or a specific patch available from our support team. 

Links for Action: 

• Instructions for ownCloud Server Updates: https://doc.owncloud.com/server/next/admin_manual/maintenance/upgrading/upgrade.html  
• Download server packages: 

• Downloads are available at www.owncloud.com/download . For our subscription customers at portal.owncloud.com . 

• For App Specific Updates: 

• For Graph API: v0.3.1: https://marketplace.owncloud.com/apps/graphapi (NOTE: In addition to the update please make sure to delete owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php.)  
• For OAuth2: v0.6.1: https://marketplace.owncloud.com/apps/oauth2 

• Our dedicated support team is ready to assist our subscription customers. Please contact them at https://owncloud.com/support/  for any help.  

For more information please also look at our FAQ. 

In general, we recommend to upgrade always to the latest version which currently is 10.13.3. More information here. 

 We sincerely apologize for any inconvenience this may cause. The safety and security of your data are of paramount importance to us, and we are committed to ensuring the highest standards are maintained. Please do not hesitate to reach out for support during this critical update period. 

By joining forces with ownCloud, Kiteworks underscores its commitment to the DACH market

ownCloud, a provider of the open-source content collaboration platform of the same name, announced today that it entered into a definitive agreement to merge with Kiteworks, which delivers data privacy and compliance for sensitive content communications through customer-enabled Private Content Networks (PCNs). This move strengthens ownCloud’s standing in its market and at the same time significantly expands Kiteworks’ market commitment, accelerating its vision to deliver the most robust and easy-to-use platform for content security and compliance on a global scale.

Kiteworks also announced that it has entered into a merger agreement with DRACOON based in Regensburg, Germany.

The DRACOON and ownCloud mergers represent a pivotal milestone in Kiteworks’ dedication to enabling organizations to securely collaborate with customers, partners, and employees through secure file and email data exchange across a PCN. In the short term, DRACOON and ownCloud customers and partners have the opportunity to gain access to the expanded security and compliance capabilities of Kiteworks. Over time, the combined human and technological resources from the three companies will greatly advance data governance and controls for regulated industries in the DACH market by enabling them to realize zero-trust policy management for sensitive content communications on one platform. Further, the high level of commitment that DRACOON and ownCloud apply to the data privacy and sovereignty of their customer data is embraced by Kiteworks—from single-tenant hosting to key management and encryption that can be accessed only by the customer, giving total privacy to customer data.

“We are excited to welcome DRACOON and ownCloud into the growing Kiteworks family,” said Jonathan Yaron, Chairman and CEO at Kiteworks. “Our collective resources and expertise further strengthen our focus on championing data security and compliance through strategic deployment of Private Content Networks on a global scale. The three companies share a commitment to securing sensitive customer content without compromising user experience and productivity across sensitive content communication channels. Kiteworks’ commitment to data privacy remains strong with these mergers. As with DRACOON and ownCloud, Kiteworks has no ability to access customer keys or data and our core values of trust and privacy guide everything that we do.”

Through the mergers, DRACOON and ownCloud gain access to expanded resources and capabilities that will empower them to serve their customers and partners better. Kiteworks’ adherence to comprehensive certification and compliance standards, such as SOC 2 Type II, FedRAMP Authorized, ISO 27001, 27017, and 27018, Cyber Essentials Plus, and others, builds on compliance achievements by DRACOON and ownCloud that include local standards like BSI C5 Certification, IDW PS 951, IT Security Made in Germany (ITSMG), IT Security Made in the EU (TeleTrusT), and Software Hosted in Germany. This adherence to international and local security standards demonstrates an unwavering commitment to individual customer requirements by all three companies. In addition, the Kiteworks-enabled PCN and its audit log capabilities provide customers with the ability to demonstrate compliance with regulations. DRACOON and ownCloud customers will also have expanded options to benefit from enhanced protection of their sensitive and confidential data through Kiteworks’ single-tenant customer hosting model and its hardened appliance, which are widely regarded as the most secure in the industry. ownCloud’s open-source position will remain the same after the merger.

For Kiteworks, the two mergers give the company immediate access to DRACOON’s and ownCloud’s rapidly growing European customer bases, with key concentrations in the DACH market, that span numerous industry sectors. Recognizing the importance of having a local presence in the European market, Kiteworks plans further investments in on-the-ground teams and infrastructure to support local customers.

“Kiteworks is the ideal partner to realize our long-term vision of providing real-time content sharing and collaboration at scale and deliver enterprise-grade solutions,” said Tobias Gerlinger, CEO and Managing Director at ownCloud. “We share an unwavering passion to enable organizations to seamlessly share and work on sensitive content regardless of device or location—while in compliance with regulations and data sovereignty requirements. The importance of ownCloud’s open source in the enterprise and public-sector markets is embraced by both organizations.”

To learn more about the Kiteworks-enabled Private Content Network, click here.

For more information, please refer to the Kiteworks press release: https://www.kiteworks.com/company/press-releases/kiteworks-makes-bold-moves-joining-forces-with-two-german-leaders-in-its-space/

About Kiteworks 

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications. Headquartered in Silicon Valley, Kiteworks protects over 100 million end users for over 3,650 global enterprises and government agencies.

About DRACOON

DRACOON provides secure file sharing and collaboration services to over 500,000 users worldwide, including major companies across industries like transportation, finance, healthcare, and more. With industry-specific solutions and certifications like BSI C5, IPW PS 951, and ISO 27001, 27017, and 27018 that meet the highest security standards, DRACOON enables efficient and compliant file sharing, along with features like encrypted email and cloud drive integration. Trusted by Deutsche Bahn, Thyssenkrupp, Telekom, Helios Kliniken, and other leading organizations, DRACOON ensures people everywhere can collaborate securely and efficiently

As ownCloud’s first CXO, David Walter is rising to the challenge. His primary responsibilities are to build a team of experts and ensure consistent communication between all stakeholders. The CXO role serves as an important bridge between ownCloud, customers, partners, hosters and integrators. In addition to valuable feedback from the open source community, input from industry and government will be considered.

David Walter is no newcomer to ownCloud. He has been working with and for ownCloud in various roles since 2014: first as a community member, later as a customer, and since 2022 as a project manager. With his background as an open source enthusiast and experienced integration expert, he is ideally suited for his new role. His previous positions as Chief Information Security Officer and project manager in the IT industry underline his expertise.

The introduction of the CXO comes at a time when ownCloud is growing rapidly and continually expanding its product portfolio. Large, internationally distributed projects and complex migrations from proprietary solutions to the open source world require centralized control to ensure smooth implementation. Walter’s involvement will help to bring product development and customer service even closer together.

The initial focus will be on building a cross-functional team focused on improving the customer experience. David Walter‘s vision is to deliver on ownCloud’s promise to provide the greatest value to all stakeholders.

“The increasing use of our products motivates us to involve our customers even more actively in the development process. As CXO, I will always keep the interests of our customers in mind and ensure smooth navigation through our product world,” says David Walter about his new position.

OpenTalk specializes in providing confidential video conferencing solutions that meet the highest security and privacy requirements, including GDPR compliance. As part of the partnership, ownCloud’s content collaboration solution will be integrated with OpenTalk’s secure video conferencing platform. As a result, users will be able to seamlessly share and collaborate on files and work results while benefiting from the digital sovereignty and highest security standards of OpenTalk and ownCloud. The new features resulting from the integration, such as the secure storage of meeting minutes or whiteboards in ownCloud’s highly scalable collaboration solution, will be available by the end of the first quarter of 2024.

ownCloud has formed another key partnership with mspaces. The company develops transparent and confidential workspaces for digital collaboration across organizations. mspaces is a complete solution delivered as SaaS, providing organizations with a holistic set of tools including content collaboration, chat and videoconferencing. By integrating the ownCloud Infinite Scale data platform, mspaces expands its digital workspace offering. The partnership is expected to help revolutionize the way organizations collaborate across boundaries.

Both partnerships were signed at this year’s it-sa, the IT security and privacy trade fair, which was a huge success for ownCloud. Both OpenTalk and mspaces exhibited at the ownCloud booth.

V.l.n.r.: Dr. Bernhard Theuer (Vertrieb und Business Development, mspaces), Michael Lauer (Produkt und Administration, mspaces) und Holger Dyroff (COO und Managing Director, ownCloud), Quelle: ownCloud

“The partnership with ownCloud is part of our strategy to integrate OpenTalk with proven open source solutions,” said Markus Michels, CEO of OpenTalk. “The ultimate goal is to ensure that our open source-based solution is easy, convenient and secure to use. With ownCloud, we have an established and powerful partner at our side to achieve this.”

“Two Bavarian companies are combining their expertise and innovative strength to create a new dimension of cooperation,” emphasizes Bernhard Theuer, one of the managing directors of mspaces. “The close cooperation between ownCloud and mspaces includes not only software integration, but also a joint Press release sales partnership and an exchange for the further development of both solutions.”