server
server copied to clipboard
nextcloud
Dependency Update Moment.js to 2.29.4 in Nextcloud 24.0.4
⚠️ This issue respects the following points: ⚠️
- [X] This is a bug, not a question or a configuration/webserver/proxy issue.
- [X] This issue is not already reported on Github (I've searched it).
- [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- [X] Nextcloud Server is running on 64bit capable CPU, PHP and OS.
- [X] I agree to follow Nextcloud's Code of Conduct.
Bug description
Nessus is reporting a security issue with Moment.js.
2.29.4 Release Jul 6, 2022 https://github.com/moment/moment/pull/6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex
Steps to reproduce
Just scanned with nessus
Expected behavior
Show current 2.29.4 version
Installation method
No response
Operating system
No response
PHP engine version
No response
Web server
No response
Database engine version
No response
Is this bug present after an update or on a fresh install?
No response
Are you using the Nextcloud Server Encryption module?
No response
What user-backends are you using?
- [ ] Default user-backend (database)
- [x] LDAP/ Active Directory
- [ ] SSO - SAML
- [ ] Other
Configuration report
No response
List of activated Apps
Enabled:
- activity: 2.16.0
- admin_audit: 1.14.0
- circles: 24.0.0
- cloud_federation_api: 1.7.0
- comments: 1.14.0
- contactsinteraction: 1.5.0
- dashboard: 7.4.0
- dav: 1.22.0
- documentserver_community: 0.1.12
- external: 4.0.0
- federatedfilesharing: 1.14.0
- files: 1.19.0
- files_accesscontrol: 1.14.0
- files_antivirus: 3.3.1
- files_pdfviewer: 2.5.0
- files_rightclick: 1.3.0
- files_sharing: 1.16.2
- files_trashbin: 1.14.0
- files_versions: 1.17.0
- files_videoplayer: 1.13.0
- forms: 2.5.1
- groupfolders: 12.0.1
- guests: 2.2.0
- impersonate: 1.11.0
- keeweb: 0.6.9
- logreader: 2.9.0
- lookup_server_connector: 1.12.0
- nextcloud_announcements: 1.13.0
- notes: 4.4.0
- notifications: 2.12.0
- oauth2: 1.12.0
- onlyoffice: 7.5.4
- password_policy: 1.14.0
- passwords: 2022.6.20
- privacy: 1.8.0
- provisioning_api: 1.14.0
- ransomware_protection: 1.13.0
- recommendations: 1.3.0
- serverinfo: 1.14.0
- settings: 1.6.0
- sharebymail: 1.14.0
- socialsharing_email: 2.5.0
- spreed: 14.0.3
- systemtags: 1.14.0
- tasks: 0.14.4
- text: 3.5.1
- twofactor_backupcodes: 1.13.0
- twofactor_email: 2.5.0
- twofactor_nextcloud_notification: 3.4.0
- twofactor_totp: 6.4.0
- twofactor_webauthn: 0.3.1
- user_ldap: 1.14.1
- user_status: 1.4.0
- viewer: 1.8.0
- weather_status: 1.4.0
- workflowengine: 2.6.0
Disabled:
- accessibility: 1.8.0
- encryption
- federation: 1.11.0
- files_external: 1.7.0
- firstrunwizard: 2.10.0
- photos: 1.1.0
- support: 1.4.0
- survey_client: 1.9.0
- theming: 1.13.0
Nextcloud Signing status
No response
Nextcloud Logs
No response
Additional info
No response
