{"affected":[{"ecosystem_specific":{"binaries":[{"caja-extension-nextcloud":"3.8.0-bp154.2.3.1","cloudproviders-extension-nextcloud":"3.8.0-bp154.2.3.1","libnextcloudsync-devel":"3.8.0-bp154.2.3.1","libnextcloudsync0":"3.8.0-bp154.2.3.1","nautilus-extension-nextcloud":"3.8.0-bp154.2.3.1","nemo-extension-nextcloud":"3.8.0-bp154.2.3.1","nextcloud-desktop":"3.8.0-bp154.2.3.1","nextcloud-desktop-doc":"3.8.0-bp154.2.3.1","nextcloud-desktop-dolphin":"3.8.0-bp154.2.3.1","nextcloud-desktop-lang":"3.8.0-bp154.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"nextcloud-desktop","purl":"pkg:rpm/suse/nextcloud-desktop&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.0-bp154.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"caja-extension-nextcloud":"3.8.0-bp154.2.3.1","cloudproviders-extension-nextcloud":"3.8.0-bp154.2.3.1","libnextcloudsync-devel":"3.8.0-bp154.2.3.1","libnextcloudsync0":"3.8.0-bp154.2.3.1","nautilus-extension-nextcloud":"3.8.0-bp154.2.3.1","nemo-extension-nextcloud":"3.8.0-bp154.2.3.1","nextcloud-desktop":"3.8.0-bp154.2.3.1","nextcloud-desktop-doc":"3.8.0-bp154.2.3.1","nextcloud-desktop-dolphin":"3.8.0-bp154.2.3.1","nextcloud-desktop-lang":"3.8.0-bp154.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"nextcloud-desktop","purl":"pkg:rpm/opensuse/nextcloud-desktop&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.0-bp154.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nextcloud-desktop fixes the following issues:\n\nnextcloud-desktop was updated to 3.8.0:\n\n  - Resize WebView widget once the loginpage rendered\n  - Feature/secure file drop\n  - Check German translation for wrong wording\n  - L10n: Correct word\n  - Fix displaying of file details button for local syncfileitem activities\n  - Improve config upgrade warning dialog\n  - Only accept folder setup page if overrideLocalDir is set\n  - Update CHANGELOG.\n  - Prevent ShareModel crash from accessing bad pointers\n  - Bugfix/init value for pointers\n  - Log to stdout when built in Debug config\n  - Clean up account creation and deletion code\n  - L10n: Added dot to end of sentence\n  - L10n: Fixed grammar\n  - Fix 'Create new folder' menu entries in settings not working correctly on macOS\n  - Ci/clang tidy checks init variables\n  - Fix share dialog infinite loading\n  - Fix edit locally job not finding the user account: wrong user id\n  - Skip e2e encrypted files with empty filename in metadata\n  - Use new connect syntax\n  - Fix avatars not showing up in settings dialog account actions until clicked on\n  - Always discover blacklisted folders to avoid data loss when modifying selectivesync list.\n  - Fix infinite loading in the share dialog when public link shares are disabled on the server\n  - With cfapi when dehydrating files add missing flag\n  - Fix text labels in Sync Status component\n  - Display 'Search globally' as the last sharees list element\n  - Fix display of 2FA notification.\n  - Bugfix/do not restore virtual files\n  - Show server name in tray main window\n  - Add Ubuntu Lunar\n  - Debian build classification 'beta' cannot override 'release'.\n  - Update changelog\n  - Follow shouldNotify flag to hide notifications when needed\n  - Bugfix/stop after creating config file\n  - E2EE cut extra zeroes from derypted byte array.\n  - When local sync folder is overriden, respect this choice\n  - Feature/e2ee fixes\n\n- This also fix security issues:\n\n  - (boo#1205798, CVE-2022-39331)\n    - Arbitrary HyperText Markup Language injection in notifications \n  - (boo#1205799, CVE-2022-39332)\n    - Arbitrary HyperText Markup Language injection in user status and information \n  - (boo#1205800, CVE-2022-39333)\n    - Arbitrary HyperText Markup Language injection in desktop client application \n  - (boo#1205801, CVE-2022-39334)\n    - Client incorrectly trusts invalid TLS certificates \n  - (boo#1207976, CVE-2023-23942)\n    - missing sanitisation on qml labels leading to javascript injection \n\n- Update to 3.7.4\n\n  - check German translation for wrong wording\n  - Fix 'Create new folder' menu entries in settings not working correctly on macOS\n  - Clean up account creation and deletion code\n  - Fix share dialog infinite loading\n  - fix edit locally job not finding the user account: wrong user id\n  - skip e2e encrypted files with empty filename in metadata\n  - Always discover blacklisted folders to avoid data loss when modifying selectivesync list.\n  - use new connect syntax\n  - with cfapi when dehydrating files add missing flag\n  - Fix avatars not showing up in settings dialog account actions until clicked on\n  - Fix text labels in Sync Status component\n  - Fix infinite loading in the share dialog when public link shares are disabled on the server\n  - Ci/clang tidy checks init variables\n  - Display 'Search globally' as the last sharees list element\n  - Resize WebView widget once the loginpage rendered\n  - Bugfix/do not restore virtual files\n  - Fix display of 2FA notification.\n\n- Update to 3.7.3\n\n  - Revert 'Fix(l10n): capital_abcd Update translations from Transifex'\n  - Revert 'Fix(l10n): capital_abcd Update translations from Transifex'\n  - Revert 'Fix(l10n): capital_abcd Update translations from Transifex'\n\n- Update to 3.7.2\n\n  - No regular changelog from upstream.\n    See instead: https://github.com/nextcloud/desktop/compare/v3.7.1...v3.7.2\n\n- Update to 3.7.1\n\n  - Backport/5393/stable 3.7 by @mgallien in #5403\n  - Fix wrong estimated time when doing sync. in #4902\n  - Bugfix/selective sync abort error in #4903\n  - Set UnifiedSearchResultNothingFound visibility less messily in #4751\n  - Clean up QML type and singleton registration in #4817\n  - Simplify activity list delegates by making them ItemDelegates, clean up in #4786\n  - Improve activity list highlighting/keyboard item selection in #4781\n  - Replace private API QZipWriter with KArchive in #4768\n  - makes Qt WebEngine optional only on macOS in #4875\n  - Bugfix/conflict resolution when selecting folder in #4914\n  - Fix fileactivitylistmodel QML registration in #4920\n  - Updated link to documentation in #4792\n  - Fix menu bar height calculation on macOS in #4917\n  - Fix ActivityItem activityHover error in #4921\n  - Fix add account window text clipping, enlarge text in #4910\n  - Accept valid lsColJob reply XML content types in #4919\n  - Fix low-resolution file changed overlay icons in activities in #4930\n  - Refactor ActivityListModel population mechanisms in #4736\n  - Make account setup wizard's adjustWizardSize resize to current page size instead of largest wizard page in #4911\n  - Deallocate call notification dialog objects when closed by @claucambra in #4939\n  - Ensure that the file being processed has had its etag properly sanitised, log etag more in #4940\n  - Feature/syncjournaldb handle errors in #4819\n  - Do not format text in QML components as HTML in #4944\n  - Fix two factor auth notification: activity item was disabled. in #4961\n  - Add a placeholder item for empty activity list in #4959\n  - Ensure strings in main window QML are presented as plain text and not HTML by @claucambra in #4972\n  - Improve handling of file name clashes by @claucambra in #4970\n  - Add a QSortFilterProxyModel-based SortedActivityListModel by @claucambra in #4933\n  - Bring back .lnk files on Windows and always treat them as non-virtual files. by @allexzander in #4968\n  - Fix two factor authentication notification by @camilasan in #4967\n  - Ensure placeholder message in emoji picker wraps correctly in #4960\n  - Make activity action button an actual button, clean up contents in #4784\n  - Improve the error box QML component in #4976\n  - Fix 'Reply' primary property. in #4985\n  - Fix sync progress bar colours in dark mode in #4986\n  - Fix predefined status text formatting in #4987\n  - Don't set up tray context menu on macOS, even if not building app bundle in #4988\n  - Ci/check clang tidy in ci in #4995\n  - check our code with clang-tidy in #4999\n  - alway use constexpr for all text constants in #4996\n  - avoid possibly crashing static_cast in #4994\n  - switch AppImage CI to latest tag: client-appimage-6 in #5003\n  - configure a list of checks for clang-tidy in #5004\n  - Fix link shares default expire date being enforced as maximum expire date even when maximum date enforcement is disabled on the server in #4982\n  - apply modernize-use-using via clang-tidy in #4993\n  - Ci/use no discard in #4992\n  - Fix files not unlocking after lock time expired in #4962\n  - Update client image in #5002\n  - let's check the format via some github action in #4991\n  - Feature/vfs windows sharing and lock state in #4942\n  - Update after tx migrate in #5019\n  - Improve 'Handle local file editing' feature. Add loading popup. Add force sync before opening a file. in #4990\n  - Command-line client. Do not trust SSL certificates by default, unless '--trust' option is set. in #5022\n  - Bugfix/files lock fail metadata in #5024\n  - do not ignore return value in #4998\n  - improve logs when adding sync errors in activity list of main dialog in #5032\n  - Fix invisible user status selector button not being checked when user is in Offline mode in #5012\n  - use correct version copmparison on NSIS updater: fix update from rc in #4979\n  - Bugfix/check token for edit locally requests in #5039\n  - Fix the dismiss button: display it whenever possible. in #4989\n  - Fix account not found when doing local file editing. in #5040\n  - Improve 'pretty user name'-related strings, display in webflow credentials in #5013\n  - Update CHANGELOG with 3.6.1 changes. in #5066\n  - Fix call notification dialog buttons in #5074\n  - validate certificate for E2EE against private key in #4949\n  - emit missing signal to update folder sync status icon in #5087\n  - Update CMake usage in README build instructions in #5086\n  - Clean up methods in sync engine in #5071\n  - Make Systray's void methods slots in #5042\n  - Remove unneeded parameter from CleanupPollsJob constructor in #5070\n  - Add a 'Sync now' button to the sync status header in the tray window in #5018\n  - Modernise and improve code in AccountManager in #5026\n  - Fix macOS autoupdater settings in #5102\n  - Validate and sanitise edit locally token and relpath before sending to server in #5093\n  - Refactor FolderMan's 'Edit Locally' capabilities as separate class in #5107\n  - Modernise and improve code in AccountSettings in #5027\n  - Fix compatibility with newer python3-nautilus in #5105\n  - Only show Sync Now button if account is connected in #5097\n  - use new public API to open an edit locally URL in #5116\n  - Add a new file details window, unify file activity and sharing in #4929\n  - E2EE. Do not generate keypair without user request. in #5067\n  - Fix incorrect current user index when adding or removing a user account. Also fix incorrect user avatar lookup by id. in #5092\n  - Remove unused internal link widget from old share dialog in #5123\n  - Use separate variable for cfg file name in CMAKE. in #5136\n  - Bugfix/delete folders during propagation even when propagation has errors in #5104\n  - Remove unused app pointer in CocoaInitializer in #5127\n  - Ensure 'Sync now' button doesn't have its text elided in #5129\n  - Fix share delegate button icon colors in dark mode in #5132\n  - Do not use copy-assignment of QDialog. in #5148\n  - Remove unused remotePath in User::processCompletedSyncItem in #5118\n  - Make user status selector modal, show user header in #5145\n  - properly escape a path when creating a test file during tests in #5151\n  - Add support cmake unity build in #5109\n  - Fix typo of connector in #5157\n  - fully qualify types in signals and slots in #5088\n  - Remove reference to inexistent property in NCCustomButton in #5173\n  - Fix ActivityList delegate warnings in #5172\n  - Ensure forcing a folder to be synced unpauses syncing on said folder in #5152\n  - switch back to upstream craft in #5178\n  - fix renaming of folders with a deep hierarchy inside them in #5182\n  - fix instances of: c++11 range-loop might detach Qt container warnings in #5089\n  - Implement context menu entry 'Leave this share' in #5081\n  - check that we update local file mtime on changes from server in #5188\n  - Add end-to-end tests to our CI in #5124\n  - Modernize the Dolphin action plugin in #5192\n  - Ci/do not modify configuration file duringtests in #5200\n  - cmake: Use FindPkgConfig's pkg_get_variable instead of custom macro in #5199\n  - Fix tray window margins, stop cutting into window border in #5202\n  - fix regressions on pinState management when doing renames in #520\n  - Fix bad custom button alignments, sizings, etc. in #5189\n  - Ci/do not override configuration file in #5206\n  - Clearly tell user that E2EE has been enabled for an account in #5164\n  - Fix CfApiShellExtensionsIPCTest in #5209\n  - l10n: Fixed grammar in #5220\n  - Prevent bad encrypting of folder if E2EE has not been correctly set up in #5223\n  - Remove close/dismiss button from encryption message in #5163\n  - Update macOS shell integration deployment targets in #5227\n  - Bugfix/case cash conflicts should not terminate sync in #5224\n  - Differentiate between E2EE not being enabled at all vs. E2EE being enabled already through another device in account settings message in #5179\n  - Ensure more QML text components are rendering things as plain text in #5231\n  - l10n: Correct spelling in #5221\n  - Make use of plain text-enforcing qml labels in #5233\n  - Feature/edit file locally restart sync in #5175\n  - Fix CI errors for Edit Locally. in #5241\n  - Lock file when editing locally in #5226\n  - Format some QLabels as plain text in #5247\n  - do not create GUI from a random thread and show error on real error in #5253\n  - Fix BasicComboBox internal layout in #5216\n  - Explicitly size and align user status selector text input to avoid bugs with alternate QtQuick styles in #5214\n  - do not use bulk upload for e2ee files in #5256\n  - Only show mnemonic request dialog when user explicitly wants to enable E2EE in #5181\n  - Replace share settings popup with a page on a StackView in #5194\n  - Add interactive NC Talk notifications on macOS in #5143\n  - Show file details within the tray dialog, rather than in a separate dialog in #5139\n  - Silence sync termination errors when running EditLocallyJob. in #5261\n  - Fix typo in #5257\n  - Add an 'Encrypt' menu entry in file browser context menu for folders in #5263\n  - Add a nix flake for easy building and dev environments in #5007\n  - Add an internal link share to the share dialog in #5131\n  - Avoid the Get-Task-Allow Entitlement (macOS Notarization) in #5274\n  - sets a fixed version for pixman when buildign desktop client via Craft in #5269\n  - Fix SyncEngineTest failure when localstate is destroyed. in #5273\n  - Feature/remove obsolete names in #5271\n  - Remove unused HeaderBanner component in #5245\n  - Feature/do not sync enc folders if e2ee is not setup in #5258\n  - fix migration from old settings configuration files in #5141\n  - Use QFileInfo::exists where we are only creating a QFileInfo to check if file exists in #5291\n  - Make correct use of Qt signal 'emit' keyword in #5287\n  - Remove unused variables in #5290\n  - Declare all QRegularExpressions statically in #5289\n  - l10n: Remove space in #5297\n  - Feature/move shellextensions to root installdir in #5295\n  - Improve backup dark mode palette for Windows in #5298\n  - Allow setting up an account with apppasword and folder via command-line arguments. For deployment. in #5296\n  - Update file's metadata in the local database when the etag changes while file remains unchanged. \n    Fix subsequent conflict when locking and unlocking. in #5293\n  - Fix warnings on QPROPERTY-s in #5286\n  - Replace now deprecated FSEventStreamScheduleWithRunLoop with FSEventStreamSetDispatchQueue in #5272\n  - Fix macOS shell integration class inits in #5299\n  - Drop dependency on Qt Quick Controls 1 in #5309\n  - Fix full-text search results not being opened in browser in #5279\n  - Feature/allow forceoverrideurl via command line in #5329\n  - Bugfix/e2ee vulnerability empty metadatakeys in #5323\n  - Always generate random initialization vector when uploading encrypted file in #5324\n  - Fix bad string for translation. in #5358\n  - Update legal notice to 2023 in #5361\n  - Fix migration from legacy client when override server url is set in #5322\n  - Don't try to lock folders when editing locally in #5317\n  - Fix fetch more unified search result item not being clickable in #5266\n  - Add ability to disable E2EE in #5167\n  - Remove unused monochrome icons setting in #5366\n  - Feature/sync with case clash names in #5232\n  - Edit locally. Do not lock if locking is disabled on the server. in #5371\n  - Revert 'Merge pull request #5366 from nextcloud/bugfix/remove-mono-icons-setting' in #5372\n  - Open calendar notifications in the browser. in #4684\n  - Migrate old configs in #5362\n  - Always unlock E2EE folders, even when network failure or crash. in #5370\n  - Fix displaying of file details button for local syncfileitem activities in #5380\n  - Improve config upgrade warning dialog in #5386\n  - Backport/5385/stable 3.7 in #5388\n\n- Update to 3.6.6\n\n  - Revert 'Fix(l10n): capital_abcd Update translations from Transifex' 33f3975\n\n\n- Update to 3.6.5\n\n  - do not assert when sharing to a circle in #5310\n  - Fix macOS shell integration class inits in #5311\n  - Drop dependency on Qt Quick Controls 1 in #5312\n  - Feature/allow forceoverrideurl via command line in #5332\n  - Fix typo in #5270\n  - check that we update local file mtime on changes from server in #5321\n  - fix regressions on pinState management when doing renames in #5333\n  - Always generate random initialization vector when uploading encrypted file in #5334\n  - Fix SyncEngineTest failure when localstate is destroyed. in #5336\n  - Bugfix/e2ee vulnerability empty metadatakeys in #5335\n\n- Update to 3.6.4\n\n  - do not create GUI from a random thread and show error on real error\n\n- Update to 3.6.3\n\n  - Fix typo of connector\n  - fix renaming of folders with a deep hierarchy inside them\n  - Make user status selector modal, show user header\n  - Prevent bad encrypting of folder if E2EE has not been correctly set up\n  - Feature/edit file locally restart sync\n  - Add forcefoldersync method to folder manager\n  - Make use of plain text-enforcing qml labels\n  - Lock file when editing locally\n  - Format some QLabels as plain text\n\n- Update to 3.6.2\n\n  - Fix call notification dialog buttons by @backportbot-nextcloud in #5075\n  - emit missing signal to update folder sync status icon by @backportbot-nextcloud in #5090\n  - Fix macOS autoupdater settings by @backportbot-nextcloud in #5103\n  - Validate and sanitise edit locally token and relpath\n    before sending to server by @backportbot-nextcloud in #5106\n  - Fix compatibility with newer python3-nautilus by @backportbot-nextcloud in #5112\n  - Refactor FolderMan's 'Edit Locally' capabilities\n    as separate class by @backportbot-nextcloud in #5111\n  - use new public API to open an edit locally URL by @backportbot-nextcloud in #5117\n  - Use separate variable for cfg file name in CMAKE. by @backportbot-nextcloud in #5140\n  - Fix stable-3.6 compile on macOS by @claucambra in #5154\n  - Fix bad backport of CustomButton changes in Stable-3.6 by @claucambra in #5155\n  - Backport/5067/stable 3.6 by @allexzander in #5153\n  - Backport/5092/stable 3.6 by @allexzander in #5156\n  - properly escape a path when creating a test file during tests by @backportbot-nextcloud in #5158\n\n- Split out the dbus service related files that provides\n  libcloudproviders integration for nextcloud desktop client into\n  a separate package; when this is installed, launching any\n  app supporting libowncloudproviders (e.g. nautilus on GNOME)\n  will automatically launch the desktop client -- which is rather\n  annoying to happen by default, esp. in cases where a user does\n  not even have a nextcloud account (gh#nextcloud/desktop#1982,\n  gh#nextcloud/desktop#2622).\n\n- Make the extension working again on Nautilus 43.\n  This patch also support previous Nautilus versions.\n\n- Update to 3.6.1\n\n  - Fix wrong estimated time when doing sync.\n  - Bugfix/selective sync abort error\n  - Bugfix/conflict resolution when selecting folder\n  - Fix menu bar height calculation on macOS\n  - Fix add account window text clipping, enlarge text\n  - Accept valid lsColJob reply XML content types\n  - Fix low-resolution file changed overlay icons in activities\n  - Deallocate call notification dialog objects when closed\n  - Ensure that the file being processed has had its etag properly sanitised, log etag more\n  - Ensure strings in main window QML are presented as plain text and not HTML\n  - Do not format text in QML components as HTML\n  - Fix two factor authentication notification\n  - Bring back .lnk files on Windows and always treat them as non-virtual files.\n  - Fix 'Reply' primary property.\n  - Update after tx migrate\n  - Command-line client. Do not trust SSL certificates by default,\n    unless '--trust' option is set.\n  - Fix invisible user status selector button not being checked when user is in Offline mode\n  - Fix link shares default expire date being enforced as maximum expire date\n    even when maximum date enforcement is disabled on the server\n  - Backport/4989/stable 3.6\n  - use correct version copmparison on NSIS updater: fix update from rc\n  - Improve 'Handle local file editing' feature. Add loading popup. Add f…\n  - Backport/5039/bugfix/check token for edit locally requests\n  - Fix account not found when doing local file editing.\n  - Fix two factor auth notification: activity item was disabled.\n  - Fix predefined status text formatting\n  - Fix sync progress bar colours in dark mode\n  - Improve handling of file name clashes\n  - Ensure placeholder message in emoji picker wraps correctly\n\n- Update to 3.6.0\n  - Fix crash in cldapi.dll\n  - Updating command-rebase.yml workflow from template\n  - Reply button size should be same as the input field, smaller + text color\n  - Fix crashing when selecting user status and predefined statuses not appearing\n  - Make user status dialog look in line with the rest of the desktop client tray and Nextcloud\n  - Add a placeholder message for the recents tab of the emoji picker\n  - Add SVG icon styled for macOS Big Sur\n  - Ensure the dispatch source only gets deallocated after the dispatch_source_cancel is done,\n    avoiding crashing of the Finder Sync Extension on macOS\n  - Properly adapt the UserStatusSelectorModel to QML, eliminate hacks, make code more declarative\n  - Fix the system tray menu not being correctly replaced in setupContextMenu on GNOME\n  - Make the share dialog resizeable\n  - Make client language gender-neutral and more clear\n  - Use an en-dash for the userstatus panel\n  - Close call notifications when the call has been joined by the user, or the call has ended\n  - Correct spelling\n  - Print sync direction in SyncFileStatusTracker::slotAboutToPropagate\n  - Windows CI. Use specific Craft revision.\n  - Add 'db/local/remote' reference to log string.\n  - Work around issues with window positioning on Linux DEs,\n    hardcode tray window to screen center when new account added\n  - Add a custom back button to the account wizard's advanced setup page\n  - Clean up systray methods, make more QML-friendly\n  - Refactor tray window opening code for clarity and efficiency\n  - Increase the call state checking interval to not overload the server\n  - Fix bad quote in CMakeLists PNG generation message\n  - Only set _FORTIFY_SOURCE when a higher level of this flag has not been set\n  - Switch to using the main client CI image based on ubuntu 22.04\n  - Limit concurrent notifications\n  - Use macOS-specific application icon\n  - QML-ify the UserModel, use properties rather than setter methods\n  - Take ints by value rather than reference in UserModel methods\n  - Feature/vfs windows thumbnails\n  - Respect skipAutoUpdateCheck in nextcloud.cfg with Sparkle on macOS\n  - Restyle unified search skeleton items animation and simplify their code\n  - Stop styling QML unified search items hierarchically, use global Style constants\n  - Use preprocessor directive rather than normal 'if' for UNNotification types\n  - Make apps menu scrollable when content taller than available vertical space,\n    preventing borking of layout\n  - Ensure that throttled notifications still appear in tray activity model\n  - Stop clearing notifications when new notifications are received\n  - Fix ActivityItemContent QML paintedWidth errors\n  - Clicking on an activity list item for a file opens the local file if available\n  - Replace unified search text field busy indicator with custom indicator\n  - Update macOS Info.plist\n  - Ensure debug archive contents are readable by any user\n  - Remove Ubuntu Impish, add Kinetic\n  - Make UserStatusSelector a dismissible page pushed onto the tray window\n  - Feature/handle edit locally\n  - Add Debian Bullseye build\n  - Double-clicking tray icon opens currently-selected user's local folder (if available)\n  - Clean up TalkReplyTextField, remove unnecessary parent Item\n  - Refactor user line\n  - Do not reboot PC when running an MSI via autoupdate.\n  - Always run MSI with full UI.\n  - Eliminate padding around the menu separator in the account menu\n  - Feature/enable more warnings also for gcc\n  - Move CFAPI shell extensions variables to root CMakeLists.\n  - Move URI scheme variable from Nextcloud.cmake to root CMakeListsts.\n  - Ensure SyncEngine use an initialized instance of SyncOptions\n  - Fix QML warnings\n  - I18n: Spelling unification\n  - Fix crash: 'Failed to create OpenGL context'.\n  - Fix bugs with setting 'Away' user status\n  - Fix greek translation for application name in menu\n  - Align, resize, and layout everything uniformly in the unified search view\n  - Remove libglib-2.0.so.0 and libgobject-2.0.so.0 from Appimage.\n  - Fix unified search item placeholder image source\n  - Use same tooltip component everywhere, fix tooltip clipping bugs\n  - Fix account switching and hover issues with UserLine component\n  - Remove Ubuntu Focal\n  - Add a ScrollView to the predefined statuses area of the UserStatusSelector\n  - Prevent the 'Cancel' button of the user status selector getting squashed\n  - Ensure that clear status message combo box is at least implicit width\n  - Fix alignment of predefined status contents regardless of emoji fonts\n  - Prevent crashing when trying to create error-ing QML component in systray.cpp, output error to log\n  - Add CHANGELOG.md.\n  - Ensure file activity dialog is centered on screen and appears at top of window stack\n  - Build script for AppImage should not assume Nextcloud is the name\n  - Fix File Activities dialog not showing up.\n  - Reads and store fileId and remote permissions during bulk upload\n  - Do not build qt keychain already included in the CI images\n  - Bugfix/web engine on win11\n  - Update CHANGELOG for the 3.6.0 release.\n  - Fix script that upload AppImage to go in correct path\n\n- Update to 3.5.4\n\n  - Add and use DO_NOT_REBOOT_IN_SILENT=1 parameter for MSI to not reboot during the auto-update.\n\n- Update to 3.5.3\n  - Fix the system tray menu not being correctly replaced in setupContextMenu on GNOME\n  - Ensure call notification stays on top of other windows\n  - Work around issues with window positioning on Linux DEs,\n    hardcode tray window to screen center when new account added\n  - Clean up systray methods, make more QML-friendly\n  - Refactor tray window opening code for clarity and efficiency\n  - Only set _FORTIFY_SOURCE when a higher level of this flag has not been set\n  - Limit concurrent notifications\n  - Take ints by value rather than reference in UserModel methods\n  - Respect skipAutoUpdateCheck in nextcloud.cfg with Sparkle on macOS\n  - Use preprocessor directive rather than normal 'if' for UNNotification types\n  - QML-ify the UserModel, use properties rather than setter methods\n  - Fix ActivityItemContent QML paintedWidth errors\n  - Stop clearing notifications when new notifications are received\n  - Ensure debug archive contents are readable by any user\n  - Stop styling QML unified search items hierarchically, use global Style constants\n  - Update macOS Info.plist\n  - print sync direction in SyncFileStatusTracker::slotAboutToPropagate\n  - Remove Ubuntu Impish, add Kinetic\n  - Ensure that throttled notifications still appear in tray activity model\n  - Make apps menu scrollable when content taller than available vertical space,\n    preventing borking of layout\n\n- Update to 3.5.2\n\n  - Explicitly ask user for notification authorisation on launch (macOS)\n  - Fix crash caused by overflow in FinderSyncExtension\n  - add new fixup workflow from nextcloud org\n  - Display chat message inside the OS notification.\n  - Fix 'TypeError: Cannot readproperty 'messageSent' of undefined'.\n  - Add a transparent background to the send reply button.\n  - Fix build on macOS versions pre-11 (down to 10.14)\n  - Ignore Office temp folders on Mac ('.sb-' in folder name).\n  - Remove assert, it is no longer useful.\n  - Add contrast to the text/icon of buttons if the server defined color is light.\n  - fix general section\n  - Remove tooltip because it is only repeating the label of the link.\n  - bugfix/share-dialog\n  - Updating command-rebase.yml workflow from template\n  - Reply button size should be same as the input field, smaller + text color\n  - Close call notifications when the call has been joined by the user, or the call has ended\n  - Increase the call state checking interval to not overload the server\n  - Ensure the dispatch source only gets deallocated after\n    the dispatch_source_cancel is done, avoiding crashing of the Finder Sync Extension on macOS\n\n  * A more future-proof and distribution friendly fix for boo#1201070\n\n- Fix Tumbleweed build and install error boo#1201070.\n  Use own CFLAGS for Tumblweed with -D_FORTIFY_SOURCE=2 instead of -D_FORTIFY_SOURCE=3.\n\n- Update to 3.5.1\n  - Add new and correct sparkle update signature\n  - l10n: Remove string from translation\n  - l10n: Changed triple dot to ellipsis\n  - Ensure cache is stored in default cache location\n  - Updating command-rebase.yml workflow from template\n  - Remove '…' from 'Create Debug Archive' button\n  - docs: Replace 'preceded' with 'followed'\n  - only add OCS-APIREQUEST header for 1st request of webflow v1\n  - Make the make_universal.py script more verbose for easier debugging\n  - Revamp notifications for macOS and add support for actionable update notifications\n  - Use proper online status for user ('dnd', 'online', 'invisible', etc.) to enable or disable desktop notifications.\n  - Bugfix. Take root folder's files size into account when displaying the total size in selective sync dialog.\n  - Fix activity list item issues with colours/layout/etc.\n  - Bugfix/allow manual rename files with spaces\n  - Fixed share link expiration box being ineditable and always attempting to set invalid date\n  - Fix crashing of finder sync extension caused by dispatch_source_cancel of nullptr\n  - Simplify and remove the notification 'cache'\n  - Fix tray icon not displaying 'Open main dialog'\n  - if an exclude file is deleted, skip it and remove it from internal list\n  - Bugfix/two factor notification\n  - Fix visual borking in the share dialog\n  - add explicit capture for lambda\n\n- Update to 3.5.0\n  - Require cmake 3.16\n  - Add testing for ActivityListModel\n  - Check for dbus-1 when building with cloudproviders\n  - Add ability to copy internal link from share dialog\n  - Feature/improve activity buttons\n  - Add thumbnails for files in the activity view\n  - Use proper API to dehydrate a placeholder file\n  - Feature/Talk Reply v1\n  - Ensure we emit a rename command for renamed files\n  - Remove Hirsute, add Jammy\n  - Allow account menu to scroll when content height is larger than menu height\n  - Always build with updater. Use 'beta/stable' channel selector in 'General Settins' dialog with default 'stable'.\n  - Cmake option to disable proxy\n  - Add support for server color theming\n  - No longer assume status bar height, calculate, fixing notch borking on new MacBook Pro\n  - Add a dark mode\n  - Generates pot files automatically.\n  - Add headers in cmake files to get them properly detected\n  - Ensure that bulk upload network job errors are handled\n  - Do not remove a folder that has files that were not uploaded yet during propagation\n  - L10n: Change to lowercase\n  - Simplify currentScreen in systray.cpp\n  - Fix warn colour in dark mode\n  - Do not remove files from a Group folder and its nested folders when it is renamed or removed while not allowed.\n  - Rollback local move on server move failure\n  - Implement local socket to communicate with finder extension\n  - Bugfix/prevent overflow with mtime\n  - L10n: Changed spelling\n  - Add 'Help' action back.\n  - Ensure file activity dialog appears in centre of screen\n  - Increase maximum text line count in tray activity items to two lines\n  - Fix file activity dialog\n  - Properly ask Qt to create qml opengl surface with proper options\n  - Old submodule url does not work anylonger\n  - Old submodule url does not work anylonger\n  - Prepare for 3.5.0-rc1\n  - Fix icon color and highlight color issues\n  - Fix for VFS crashes due to mimetype checking for thumbnails\n  - Fix various dark mode bugs\n  - Add a new yml github issue template for bug reports.\n  - Ensure we only store update channel not localized in settings\n  - Improve talk reply\n  - Prepare for 3.5.0-rc2\n  - Bugfix/talk reply part 2\n  - Darkmode. Fix crash on exit.\n  - Avoid deleting renamed file with spaces in name\n  - More dark mode fixes\n  - Ensure we do properly failed hydration jobs\n  - Fix build of appimage for branded clients\n  - Prepare for 3.5.0-rc3\n  - Feature/files lock\n  - Add call notification dialog.\n  - Fix thumbnails for new files made while client open\n  - Increase time between connection tries\n  - Improve contrast on server color themed elements\n  - Fix positioning of activities in the activities list\n  - Bugfix/activities fetch server overload\n  - Realigned and resized thumbnails\n  - Add user avatars in talk notifications in activity list\n  - Fix sparkle implementation in the desktop client\n  - Prepare 3.5.0-rc4\n  - Prepare final 3.5.0 release\n\n- Update to 3.4.4\n  - Do not remove files from a Group\n    folder and its nested folders when it is renamed or removed\n    while not allowed.\n  - Bugfix/prevent overflow with mtime\n  - Old submodule url does not work anylonger\n\n- Update to 3.4.3\n  - Remove Hirsute, add Jammy\n  - Cmake option to disable proxy\n  - ensure we emit a rename command for renamed files\n  - Makes sure that sync engine terminates when an error happen\n  - ensure that bulk upload network job errors are handled\n  - Rollback local move on server move failure\n  - Do not remove a folder that has files that were not uploaded yet during propagation\n\n- Update to 3.4.2\n  - Bugfix/force re-login on SSL Handshake error\n  - Do not display 'Conflict when uploading some files to a folder\n  - Windows. MSI. Unregister Nextcloud folders in SyncRootManager on uninstall.\n  - Unbreak loading translations\n  - Hide share button for deleted files and ignored files in tray activity\n  - Display error message when creating a link share with compromised password.\n  - Bugfix. Re-init sharing manager to enable link sharing UI when receivng sharing permissions.\n  - Show only filenames in tray activity items, with full path in tooltip\n  - use proper API to dehydrate a placeholder file\n  - Add macOS *.textClipping files to ignore list\n\n- Updatete to 3.4.1\n  - fix random error when updating CfApi metadata\n  - do not forget the path when renaming files with invalid names\n  - Bugfix/assert invalid modtime\n  - Feature/folder logo variations\n  - Always prefill username from Windows login name based on server version\n  - Bugfix/3.4.1 rc1\n  - Bugfix/sync stuck on error\n  - Bugfix/force download local invalid files\n  - Enforce VFS. Disable 'Make always available locally'.\n  - Bugfix/avoid sync getting stuck\n  - Fix CMake error in ECMAddAppIcon for mac\n  - Do not crash on findAndCancelDeletedJob\n  - ensure any errors after calling FileSystem::getModTime are handled\n\n- Skiped version 3.4.0 because of modtime bug:\n  See: https://github.com/nextcloud/desktop/pull/4049\n  Please read the following wiki page How to fix files invalid modification date:\n  https://github.com/nextcloud/desktop/wiki/Fix-bug-invalid-modification-date\n","id":"openSUSE-SU-2023:0090-1","modified":"2023-04-12T10:56:37Z","published":"2023-04-12T10:56:37Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IHDC7NYZMDNIUM6KMGVNGTIO5AKPD4O7/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201070"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205798"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205799"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205800"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205801"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207976"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39331"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39332"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39333"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39334"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-23942"}],"related":["CVE-2022-39331","CVE-2022-39332","CVE-2022-39333","CVE-2022-39334","CVE-2023-23942"],"summary":"Security update for nextcloud-desktop","upstream":["CVE-2022-39331","CVE-2022-39332","CVE-2022-39333","CVE-2022-39334","CVE-2023-23942"]}