Nextcloud vulnerabilities

Well yeah, surprise surprise, here are some big flaws in Nextcloud again. This time found by BSI (German infosec authority).

For non-German readers the gist is: update to patch. What was vulnerable is the 2FA, External Storage Support, and File Share via Federation with some plain text passwords.

Found English article:

https://www.heise.de/en/news/BSI-analysis-shows-Nextcloud-server-stored-passwords-in-plain-text-10273259.html

Does this mean OwnCloud is a better option?

Afaik neither have properly implemented and good working e2ee.

These flaws have now been addressed. But yeah, the way both are built (nc is a fork of occ), I would not rely on publicly accessible instances. If you take other measures and know how to, it may have a use case; else just use a provider that actually uses e2ee so problems like these are less troublesome.

That’s unfortunate. Can’t we have one good option for all of what Nextcloud provides as a workspace and storage solution?

Why can't we have nice things?

That was a rhetorical statement written as a question. I didn’t literally mean it.

Owncloud Infinite Scale might be a more secure option due to its heavy use of a memory-safe language (mainly written in Go) and modern design. Unfortunately it does not have end-to-end encryption either and it’s not as battle-tested and feature-rich as Nextcloud.