mailinabox icon indicating copy to clipboard operation
mailinabox copied to clipboard

Published 20 hours ago verified publisher icon mail-in-a-box

Upgrade PHP from v8.0 to v8.1

Open binarykitchen opened this issue 1 year ago • 0 comments

Because new Nextcloud vulnerabilities have been reported and look scary, we should consider upgrading Nextcloud from the current v26 to the latest v27.

But because v27 requires PHP v8.1 we should do this in two steps, with this one PHP upgrade first: https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_27.html

The following links confirm these reported vulnerabilities:

  • https://www.cvedetails.com/vulnerability-list/vendor_id-15913/Nextcloud.html
  • https://www.heise.de/en/news/Nextcloud-Attackers-can-bypass-two-factor-authentication-9766141.html

In the past, two PRs have been made for this but never got merged:

  • https://github.com/mail-in-a-box/mailinabox/pull/2309
  • https://github.com/mail-in-a-box/mailinabox/pull/2319

These PRs are probably behind master, so let's create a new PR and pick the best from both PRs while carefully testing everything locally.

Suggestions welcome. Discussion is open here.

binarykitchen avatar Jun 18 '24 06:06 binarykitchen