V0.48 scan.nextcloud.com

I wanted to find out version of the NextCloud on my MIAB just updated to v0.48
and found this post:

So I give it a try at the address: https://scan.nextcloud.com/
and it come back with the following:
[X] Running Nextcloud
[J] Major version still supported

as expected per the tag v0.45

With “A” rating:
A = This server has no known vulnerabilities but there are additional hardening capabilities available in newer versions making it harder for an attacker to exploit unknown vulnerabilities to break in.

But hardening showing potential problem:
[x] __Host-Prefix:
The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of ‘normal’ same-site cookies.

My question is are there any plans to upgrade to “LATEST” version "19.0.0.?

In the Settings page of the NextCloud there was an option for Administrator that is missing in my,
when I log in as administrator for my box. Is it deliberate, if so how can one access the Admin account on NC?

Not recommended I think as the nextcloud install is really only there to provide address book and calendar AFAIK

However, does this work for you to make admin rights available to a user:

sudo mailinabox/tools/owncloud-unlockadmin.sh email@example.com

Thank you.

I have just looked and I only have available in my NextCloud:

  • Files
  • Gallery
  • Contacts
  • Calendar

Well to be honest I haven’t tried this on my MIAB as it is a production service for me.

I have installed nextcloud on another VM and there one sees some extra settings available to the admin user compared to normal user.

I assume the script in MIAB is still valid as it is included in 0.48.

Did you restart nextcloud (and nginx) btw?

Eventually! But the goal of the project isn’t to provide the latest calendar and contacts experience, so I am not in any hurry.

No worries, are there any plans to integrate NC Talk (https://nextcloud.com/talk/) or it’s out of scope of this project?

It’s way out of scope.