httpoxy Can Affect Nextcloud, Get Your Update Now

We ship Guzzle 5 as part of Nextcloud. This handles http requests and supports HTTP_PROXY environment variable which can be abused, in some special scenario’s, by an attacker to read content. In the worst case, when you use the ajax cron feature, an attacker can potentially see external storage credentials and data. We recommend not to use the ajax cron feature but the system cron if possible, as that also improves performance and reliability.

As a precaution and because security and privacy are paramount for our users, we released a security update. Grab the latest from the install page! Here is documentation on doing a manual upgrade or migrate.

Learn more about httpoxy here.

Start the discussion at the
Nextcloud forums

Go to Forums
This site is registered on as a development site. Switch to a production site key to remove this banner.