HEX
Server: LiteSpeed
System: Linux server107.web-hosting.com 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: iddeczhh (1154)
PHP: 8.1.34
Disabled: NONE
$ pwd: /var/softaculous/nextcloud/
Upload Files
File: //var/softaculous/nextcloud/changelog.txt
Version 33.0.5 June 4, 2026
Changes:

server

    Refactor: move release changelog workflow to releases repo (server#60831)

notifications

    Fix: Add missing DI for IAppConfig to Push.php (notifications#3039)

text

    Fix(folderDescription): always use ‘Readme.md’ as filename (text#8658)
    Fix(headings): skip headings in details in table of contents (text#8660)
    Test(playwright): add summary job so we can add it to merge rules (text#8663)

Version 33.0.4 May 29, 2026
Changes:

    server
        Fix: allow renaming files with just update permissions (server#59241)
        Fix(encryption): limit oprhaned keys scan to one user (server#59808)
        Fix(s3): ignore prefixes with repeating delimiters (server#59829)
        Fix removed address book items not being synced between federated instances (server#59894)
        Fix(files): fix custom client-side error messages on move/copy actions (server#59954)
        Chore: Generate empty css entry points (server#59983)
        Feat: Better reporting if something is wrong with taskprocessing (server#59991)
        Fix: Harmonize login and passwordless login redirect behavior (server#60007)
        Fix(core): provide valid initial state also on public templates (server#60015)
        Test(cypress): clear state before user tests (server#60022)
        Fix(navigation): Fix default app icon (server#60133)
        Fix(files): escape html entities in dav search requests (server#60140)
        Fix(LocalPreviewStorage): Use correct regex to detect files in nested directory format (server#60143)
        Fix(comments): register event listener for typed comment events (server#60149)
        Fix(core): use btoa() instead of window.Buffer.from() for base64 encoding (server#60157)
        Fix: Dispatch old comment events (server#60168)
        Fix(comments): Add an action to comment notification that dismisses it (server#60175)
        Fix(core): prompt for password once when installing recommended apps (server#60184)
        Build: Remove testing app during packaging (server#60196)
        Feat(updatenotification): handle files_lock (server#60203)
        Chore: Increase page load timeout for oracle setup tests (server#60206)
        Fix(public.scss): increase footer width (server#60208)
        Fix: correct typo ‘occured’ to ‘occurred’ in SetupCheckManager (server#60210)
        Fix since checker (server#60219)
        Fix(settings): Fix admin delegation for hidden sections (server#60222)
        Fix: Fix permission issue when uploading a chunked file (server#60240)
        Feat(app-licenses): Add further compatible licenses for apps to use (server#60296)
        Fix(Setup): Ensure instanceid is generated during installation (server#60301)
        Test(cypress): Reduce flakiness (server#60302)
        Fix(http-client): detect brotli support via libcurl, not PHP extension (server#60309)
        Fix(s3): Add Content-MD5 header for DeleteObjects to fix AWS SDK v3.339.0+ compatibility (server#60322)
        Test(cypress): restore dashboard after app-limit test (server#60327)
        Fix(snowflake): fix wrong documentation about serverId (server#60328)
        Fix(files_sharing): apply link share password on first save (server#60329)
        Fix(UserConfig): cast getTypedValue() result to string in getValueBool() (server#60333)
        Perf(share): Remove useless order by id (server#60345)
        Remove unneeded sort when listing mail/federated shares (server#60356)
        Perf: remove unneeded sort in getFolderContentsById (server#60357)
        Fix(security): Update Expires time (server#60396)
        Fix(windmill): Fix baseUrl in background job (server#60468)
        Fix(workflowengine): use proper contrast colors for operations (server#60490)
        Fix(files_sharing): do not double escape special characters (server#60498)
        Fix error when creating mail shares if custom tokens are enabled (server#60509)
        Feat(users): Check assertion when enabling user (server#60516)
        Fix(files): only show template picker menu entries if possible (server#60522)
        Fix rendering custom columns in file lists (server#60526)
        Fix(OC_Helper): properly calculate quota of shared storages (server#60535)
        Fix(systemtags): Include leading slash in unified search tag link (server#60539)
        Don’t put hashed password in share api response (server#60549)
        Fix: only allow full admins to create ‘token needed’ webhooks (server#60555)
        Fix: improve check if external storage backend is local (server#60559)
        Fix: handle NAT64 addresses in isLocalAddress (server#60565)
        Fix: don’t tell the remote their token is lower (server#60574)
        Fix(AppStore/Fetcher): catch GenericFileException when reading cache file in Fetcher (server#60595)
        Enh(occ): make it possible to add an arbitrary number of users to a g… (server#60601)
        Fix: add proper ACLs for trashbin proxys (server#60603)
        Fix(dav): Skip removal of classified activity when not generated anymore (server#60605)
        Fix(argon2): respect max value for hashingThreads (server#60608)
        Fix(Dav): make absenceform textarea not overlap (server#60614)
        Fix(files): use displayname rather than basename to use progress (server#60625)
        Feat(openmetrics): export more resilient if exception happens (server#60627)
        Fix: Increase limit for share/unshare requests per hour (server#60633)
        Chore(snowflake): add more randomness in server id fallback (server#60635)
        Fix: treat all WebKit iOS browseres the same (server#60638)
        Fix(config): add null coalescing fallback in getValueBool before strtolower (server#60725)
        Fix(settings): confirm app-token revoke and preserve wipe state (server#60768)
    activity
        Fix(cypress): improve e2e test stability on stable33 (activity#2561)
        Refactor: replace magic batch-time seconds with named constants (activity#2575)
        Refactor: clarify fileCreate() condition by making the specific case explicit (activity#2576)
        Refactor: flatten nesting with early returns (activity#2579)
        Refactor: flatten nesting with early returns in FilesHooks and ViewInfoCache (activity#2581)
        Fix(notifications): mark activity notifications as read when viewing file activities (activity#2606)
        Fix(bulkReceive): honour admin email toggle and ISetting notification defaults (activity#2608)
        Fix(MailQueueHandler): check enable_email toggle before sending queued emails (activity#2611)
        Fix(reuse): exclude pr-body.md from REUSE compliance check (activity#2623)
    app_api
        Fix(filesplugin): file actions invisible on NC33+ (registry mismatch, stable33) (app_api#856)
        Refactor: simplify enabled-state check in validateExAppRequestToNC (app_api#861)
        Fix(proxy): validate request path before forwarding to ExApp (app_api#868)
        Fix: proxy route leading slash (app_api#876)
        Fix: normalize missing bruteforce_protection and headers_to_exclude on ExApp routes (app_api#883)
    bruteforcesettings
        Chore(l10n): Fixed resource name (bruteforcesettings#1087)
    circles
        Feat: add search and limit support for team members list (circles#2460)
    files_pdfviewer
        Fix: :bug: Update pdf save to use correct dav path and credentials (files_pdfviewer#1440)
    logreader
        Feat: Remove unnecessary whitespaces (logreader#2027)
    notifications
        Feat(push): Optionally use OAEP padding (notifications#2986)
    photos
        Fix downloading files from public share (photos#3506)
    recommendations
        Fix: files v4 header registration (recommendations#1024)
    serverinfo
        Fix(disk): ignore efivarfs pseudo-mount (serverinfo#985)
        Fix(php): include Zend extensions in loaded extensions list (serverinfo#987)
        Ci(deps-dev): bump psalm to 6.16.1 (serverinfo#989)
        Ci(actions): Update workflows (serverinfo#991)
    text
        Perf(rich_workspace): only add property for parent (text#8498)
        Fix(workspace): reuse WorkspaceService file lookup in direct() (text#8508)
        Fix(LinkBubble): don’t display dismiss edit button when read-only (text#8519)
        Center inserted images (text#8529)
        Build: do not include playwright folder in packaging (text#8533)
        Chore(performance): use async components properly (text#8535)
        Fix(lists): allow to toggle between all types of lists (text#8567)
        Fix(TaskItem): use div instead of label element as task item wrapper (text#8572)
        Fix(code): fix regex to not eat preceding character (text#8575)
        Feat: add support for wiki-style link and image Markdown syntax (text#8576)
        Fix(links): allow to transform inline links to previews (text#8577)
        Security: Unbounded `limit` parameter in user search can be abused for resource exhaustion (text#8580)
        Fix(links): allow to pass custom link handler into editor and use it (text#8581)
        Fix(orderdList): preserve non-1 start numbers (text#8589)
        Fix(code): don’t apply inline code CSS rules to code blocks (text#8613)
        Fix: allow dots in markdown link text (text#8621)
        Fix(folderDescription): fix max height in unfocused mode (text#8623)
        Fix: several table button design fixes (text#8630)
        Chore: remove codecov (text#8632)
    twofactor_totp
        Fix(migration): preserve state=2 secrets when cleaning up unverified … (twofactor_totp#1775)
    viewer
        Fix: adjust z-index for color picker modals (viewer#3185)
@ Telegram