SUSE Package Hub - openSUSE-2019-655

Update Info

openSUSE-2019-655

Security update for nextcloud

Type: security

Severity: moderate

Issued: 2019-03-23

Description:

This update for nextcloud fixes security issues and bugs.

Security issues fixed:

- CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments (boo#1114817)

This update also contains all bug fixes and improvements in the 13.0.8 version, including:

- Password expiration time changed from 12h to 7d
- Bug fixes to the OAuth brute force protection
- Various other bug fixes and improvements

References

CVE: CVE-2018-3780
Bugzilla: 1114817 VUL-0: nextcloud: Upgrade to version 14.0.3 - Multiple CVEs

Packages

nextcloud-13.0.8-bp150.2.6.1