3 Commits

2 changed files with 8 additions and 4 deletions

View File

@ -1,17 +1,17 @@
# -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=27.1.0
ARG NEXTCLOUD_VERSION=27.1.1
ARG PHP_VERSION=8.2
ARG NGINX_VERSION=1.24
ARG ALPINE_VERSION=3.18
ARG HARDENED_MALLOC_VERSION=11
ARG SNUFFLEUPAGUS_VERSION=0.9.0
ARG SNUFFLEUPAGUS_VERSION=0.10.0
ARG UID=1000
ARG GID=1000
# nextcloud-27.1.0.tar.bz2
ARG SHA256_SUM="c3167059e69c517b7ae07f3bb0b832433d324675859081fe953ea41bc7df1242"
# nextcloud-27.1.1.tar.bz2
ARG SHA256_SUM="3a91500566874675676fa3b5bfae2587a839cde41dfac5318043b162c1311fab"
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"

View File

@ -47,6 +47,10 @@ sp.disable_function.function("ini_get").param("option").value("open_basedir").fi
sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow();
sp.disable_function.function("libxml_set_external_entity_loader").drop();
# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
sp.disable_function.function("chmod").param("permissions").value("438").drop();
sp.disable_function.function("chmod").param("permissions").value("511").drop();