We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
Upgrading PHP to > 7.2.24 would fix the issue but the max version available on Ubuntu 18.04 right now is 7.2.19
The other fix as specified in the Netxcloud link above is to make the following changes the /etc/nginx/conf.d/local.conf file :
location / { rewrite ^ /index. }
Note the removal of $request_uri
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPTFILENAME $document_root$fastcgi_script_name; fastcgi_param PATHINFO $fastcgi_path_info; fastcgi_param HTTPS on; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Enable pretty urls fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; }
Note the addition of the $try_files $fastcgi_script_name =404;
I've made those modifications myself but found out MIAB overwrites the nginx conf file daily.
The text was updated successfully, but these errors were encountered:
Closing this as another issue has been opened 10 minutes ago : #1663
Sorry, something went wrong.
No branches or pull requests
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
Upgrading PHP to > 7.2.24 would fix the issue but the max version available on Ubuntu 18.04 right now is 7.2.19
The other fix as specified in the Netxcloud link above is to make the following changes the /etc/nginx/conf.d/local.conf file :
Note the removal of $request_uri
Note the addition of the $try_files $fastcgi_script_name =404;
I've made those modifications myself but found out MIAB overwrites the nginx conf file daily.
The text was updated successfully, but these errors were encountered: