Skip to content

feat: add ownCloud 10.16.2 stable release#599

Merged
DeepDiver1975 merged 6 commits intomasterfrom
feat/owncloud-10.16.2-stable
Apr 23, 2026
Merged

feat: add ownCloud 10.16.2 stable release#599
DeepDiver1975 merged 6 commits intomasterfrom
feat/owncloud-10.16.2-stable

Conversation

@DeepDiver1975
Copy link
Copy Markdown
Contributor

@DeepDiver1975 DeepDiver1975 commented Apr 23, 2026
edited
Loading

Summary

  • Replaces `10.16.2RC1` with the final `10.16.2` stable release (SHA256: `7441075590e16d0b1f2b6c4b0c1cbdb1129287eabd49d9e27c2d92e0d95a3392`)
  • Migrates all CVE suppression from root `.trivyignore` to per-version scoped files under `//.trivyignore`
  • Deletes root `.trivyignore`
  • Adds `docker-extra-tags` to the matrix following the same pattern as feat: add floating major/minor tags to publish matrix ocis#3

Trivyignore changes

Version Suppressions
`10.16.2` `CVE-2024-51736` (Windows-only), `GHSA-27qh-8cxx-2cr5` (bundled aws-sdk-php 3.337.3, fix requires ownCloud vendor update)
`10.16.1` `CVE-2024-51736`, `GHSA-27qh-8cxx-2cr5` (aws-sdk-php 3.226.0), `CVE-2026-32935` (phpseclib, fixed in 10.16.2)
`10.15.3` `CVE-2024-51736`, `GHSA-27qh-8cxx-2cr5` (aws-sdk-php 3.226.0), `CVE-2026-32935` (phpseclib, fixed in 10.16.2)
`11.0.0-prealpha` `CVE-2024-51736`, `CVE-2026-32935` (phpseclib 3.0.49, fix at 3.0.50)

Extra tags

Version Tags published
`10.16.2` `10.16.2`, `10.16`, `10`, `latest`
`10.16.1` `10.16.1`
`10.15.3` `10.15.3`, `10.15`
`11.0.0-prealpha` `11.0.0-prealpha`

Test plan

  • Docker image built locally successfully
  • Trivy scan passes cleanly for `10.16.2` with scoped ignore file
  • CI builds all four images successfully
  • Extra tags are published correctly on merge to master

🤖 Generated with Claude Code

DeepDiver1975 and others added 5 commits April 23, 2026 11:04
@DeepDiver1975 @claude
feat: add ownCloud 10.16.2 stable release
bbd5ed2 
- Replace 10.16.2RC1 with 10.16.2 stable tarball
- Migrate CVE suppression to per-version scoped .trivyignore files
- Delete root .trivyignore
- Update README to explicit version tags only

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DeepDiver1975 @claude
chore: add CVE suppressions for 10.16.2 trivy scan
92695ae 
- CVE-2024-51736: windows-only (symfony/process in updater vendor)
- GHSA-27qh-8cxx-2cr5: bundled aws-sdk-php 3.337.3 in files_primary_s3, fix requires ownCloud to update

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DeepDiver1975 @claude
chore: add CVE-2026-32935 to 10.15.3 trivyignore
e3c0b54 
Will be fixed with oc 10.16.2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DeepDiver1975 @claude
chore: add CVE-2026-32935 to 10.16.1 trivyignore
7d34611 
Will be fixed with oc 10.16.2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DeepDiver1975 @claude
chore: fix trivyignore files based on actual scan results
7c3cffd 
- Remove stale CVE-2025-45769 (not present in any image)
- Add CVE-2026-32935 to 11.0.0-prealpha (phpseclib 3.0.49 affected)
- Fix GHSA-27qh-8cxx-2cr5 comment: not a php7.4 issue, bundled aws-sdk-php vendor

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DeepDiver1975 @claude
feat: add extra-tags to matrix entries
b411e5c 
- 10.16.2: also publishes 10.16, 10, latest
- 10.15.3: also publishes 10.15
- 10.16.1, 11.0.0-prealpha: explicit version tag only

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
phil-davis
phil-davis approved these changes Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/main.yml
@DeepDiver1975 DeepDiver1975 enabled auto-merge (squash) April 23, 2026 10:40
@DeepDiver1975 DeepDiver1975 merged commit 05521e4 into master Apr 23, 2026
9 checks passed
@DeepDiver1975 DeepDiver1975 deleted the feat/owncloud-10.16.2-stable branch April 23, 2026 10:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phil-davis phil-davis phil-davis approved these changes

@kw-ftaeger kw-ftaeger Awaiting requested review from kw-ftaeger

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DeepDiver1975 @phil-davis