Unsupported version of ownCloud server

DarS
Posts: 20
Joined: Sun Oct 05, 2014 2:46 am


Post by DarS » Thu Jun 30, 2016 3:39 am

Hello,
For a few weeks/months now, my ownCloud client on Linux has been complaining about an unsupported server version installed in the OPI appliance:
The server version 6.0.7 is old and unsupported! Proceed at your own risk.

How bad is this? Any security risk/exposure caused by 6.0.7?
And of course the most important: is a new, updated ownCloud server coming to the OPI device soon?

The ownCloud web page suggests that ver. 6 and 7 are unsupported, and that ver. 8, 8.1, 8.2 and 9 are for production use.

Best regards,
-DarS


tor
Posts: 120
Joined: Thu Aug 14, 2014 3:42 am

Post by tor » Wed Jul 06, 2016 1:45 pm

Hi DarS,

We are currently working on a general upgrade of the software on OPI, and with that comes a planned upgrade of the ownCloud component. There have, though, been some problems with precisely the ownCloud software that have delayed this. (They don't support upgrades between more than one major revision, and furthermore they have moved both the calendar and contacts UI out into separate applications.)

So you will hopefully get an upgrade on this in the near future.

Regarding security there are, of course, always risks with running elderly software with known problems. With that said, there are to our knowledge no known exploits being widely used against OC.

/Tor

DarS
Posts: 20
Joined: Sun Oct 05, 2014 2:46 am

Post by DarS » Mon Jul 18, 2016 5:59 am

Thanks! I'm therefore waiting for this upgrade to come.

In the meantime I bumped into another security-related issue, namely the certificates.

One of the client applications (perhaps the ownCloud client, but it could also be a calendar or email client, as I tested a bunch of them recently) complained about a SHA-1 certificate:

The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1

I did not have time to investigate further, but I understand that SHA-1 is set for discontinuance from 2017. So I guess our devices would require a new set of OPI certs in the coming months.

Regards,
-DarS

murtagh
Posts: 19
Joined: Fri Sep 05, 2014 9:50 pm

Post by murtagh » Tue Jul 19, 2016 6:11 pm

Have you looked into the OwnCloud fork called NextCloud? It seems to be a situation very similar to the OpenOffice/LibreOffice split a while back where the business people went one way and the technical people went the other. The technical people started NextCloud. At this point it is supposedly a drop-in replacement. It might be a better fit as an upstream source.

Murtagh

pa
Posts: 74
Joined: Thu Aug 14, 2014 7:44 am

Post by pa » Wed Jul 20, 2016 7:35 am

Hi DarS,

Regarding the certificate, this is an issue that we are aware of. Currently we are looking at updating our certificate chain, but there are a lot of dependencies that come along with that...

We are also trying to get a certificate that is signed by a "trusted" CA, so that browsers and other applications do not complain about the certificate.

/PA

tor
Posts: 120
Joined: Thu Aug 14, 2014 3:42 am

Post by tor » Wed Jul 20, 2016 7:57 am

Hi murtagh,

We are of course aware of the Nextcloud fork of ownCloud. We however decided to first look into the upgrade of the old ownCloud to a newer version. Furthermore, we would like the dust to settle a bit before we evaluate the situation and then decide if a change would be the right thing to do.

With that said, Nextcloud seems to address many of the "issues" we have with the ownCloud organization. (Such as the split in an enterprise vs community edition, the CLA for contributions and other rubbish.)

/Tor

harrijer
Posts: 7
Joined: Thu Oct 23, 2014 1:14 pm

Post by harrijer » Wed Sep 14, 2016 12:32 pm

I know this may start a religious war - but would you consider separating the caldav/carddav out of owncloud/nextcloud/andthenextfalloutafterthenextcloud?

I'm considering installing a Baikal server just so that I can break the dependency between Owncloud and having an up to date caldav server.

I am looking at Baikal (on a different machine) as it is the same Sabre stuff under the covers and is now part of Sabre.

But I'm not an expert :) So if you could do it on the opi I would obviously prefer it ;)

Just an idea to throw into the pot.

/J




pa
Posts: 74
Joined: Thu Aug 14, 2014 7:44 am

Post by pa » Fri Sep 16, 2016 8:54 am

No fear of getting into a war with us, thoughts and comments are always welcome.

The 'owncloud/nextcloud/....' business is definitely worrying, and we have many times thought about what we can do to live without it, and how.
One option is, just as you say, to break the functionality into separate software, and while it might be fairly straightforward to make that work on a single system, there is a lot more to think about before it can be rolled out in production.
But we are looking at and thinking about these kinds of things.

/PA

kivinen
Posts: 13
Joined: Wed Oct 01, 2014 1:08 pm

Post by kivinen » Thu Jan 05, 2017 6:43 pm

Any progress on this? When are we going to get an updated ownCloud server?

pa
Posts: 74
Joined: Thu Aug 14, 2014 7:44 am

Post by pa » Fri Jan 13, 2017 2:45 pm

Hi,

I have just posted an update on what we are currently up to, including the update "plan".

http://community.openproducts.com/2017/ ... d-updates/

/PA
