If apps stop supporting 1 major version behind, is being behind more secure?

With all of my passwords on here, if the well-resourced app stopped supporting 1 major version behind, it would be a unique security risk for me. This NextBox app is blocking me from updating.

Please help.

Hey @khj,

NextBox always stays exactly 1 major version behind the latest Nextcloud version; they themselves consider this the production version … You might have seen that the last update to 26.0.8 is like some days old and all security-relevant patches are always backported -2 major versions. The fact that password receives the last update by the end of the year does not really render it a security risk today…

So based on the Nextcloud version, the NextBox is anything but a security risk. I would kindly ask you to correct the misleading title of this thread.

Some more details on current Nextcloud versions:

  • 28.0.0 was released two days ago
  • this is usually our trigger, so we update to the next major version, this would be 27.1.5 - which was released 5 hours ago
  • the matching NextBox release to bring Nextcloud to 27.1.5 is already done, but the official Docker Hub container from Nextcloud was not yet updated to 27.1.5; this usually takes 1-4 days
  • once the docker container is available, there will be some more testing from our side (to avoid equally scandalizing threads here in the forums) - and I would expect 27.1.5 to be released sometime at the beginning of next week
2 Likes

Thank you for pointing all of this out and I love the support Nitrokey are giving to their product. I have amended my post headline as after reading your reply, it is misleading.

I have an idea that could suppress future posts such as this during major releases, and because I’m writing a self hosted/security book, I want to recommend Nitrokey and NextBox (I really do). So in order to give people confidence of what Nitrokey are doing, when major releases are put out, maybe a sticky post in the forum outlining what Nitrokey are already doing, could be beneficial (just like what you’ve done here).

Hey @khj

thanks for sharing your ideas, we are planning something very similar to make people aware of recent releases and guide them towards the right info (docs).

best

2 Likes