V0.48 scan.nextcloud.com

box · September 24, 2020, 7:06am

I wanted to find out version of the NextCloud on my MIAB just updated to v0.48
and found this post:

So I give it a try at the address: https://scan.nextcloud.com/
and it come back with the following:
[X] Running Nextcloud 17.0.6.2
[J] Major version still supported

as expected per the tag v0.45
https://github.com/mail-in-a-box/mailinabox/releases/tag/v0.45

With “A” rating:
A = This server has no known vulnerabilities but there are additional hardening capabilities available in newer versions making it harder for an attacker to exploit unknown vulnerabilities to break in.

But hardening showing potential problem:
[x] __Host-Prefix:
The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of ‘normal’ same-site cookies.

My question is are there any plans to upgrade to “LATEST” version "19.0.0.?
https://github.com/nextcloud/server/releases/latest

In the Settings page of the NextCloud there was an option for Administrator that is missing in my,
when I log in as administrator for my box. Is it deliberate, if so how can one access the Admin account on NC?

latinhypercube · September 24, 2020, 10:19am

Not recommended I think as the nextcloud install is really only there to provide address book and calendar AFAIK

However, does this work for you to make admin rights available to a user:

sudo mailinabox/tools/owncloud-unlockadmin.sh email@example.com

box · September 24, 2020, 10:23am

Thank you.

I have just looked and I only have available in my NextCloud:

Files
Gallery
Contacts
Calendar

latinhypercube · September 24, 2020, 10:32am

Well to be honest I haven’t tried this on my MIAB as it is a production service for me.

I have installed nextcloud on another VM and there one sees some extra settings available to the admin user compared to normal user.

I assume the script in MIAB is still valid as it is included in 0.48.

latinhypercube · September 24, 2020, 10:36am

Did you restart nextcloud (and nginx) btw?

JoshData · September 24, 2020, 10:47am

Eventually! But the goal of the project isn’t to provide the latest calendar and contacts experience, so I am not in any hurry.

box · September 24, 2020, 11:07am

No worries, are there any plans to integrate NC Talk (https://nextcloud.com/talk/) or it’s out of scope of this project?

JoshData · September 24, 2020, 11:28am

It’s way out of scope.