v33.0.5

v33.0.5

v32.0.11

v32.0.11

v33.0.5rc1

v33.0.5rc1

v32.0.11rc1

v32.0.11rc1

v34.0.0rc3

Could not find base or head reference on office.

Nextcloud 34

server

• Feat(appstore): show new column with groups the app is limited to (server#60497)
• Fix(systemtags): Include leading slash in unified search tag link (server#60538)
• Fix(AppStore/Fetcher): catch GenericFileException when reading cache file in Fetcher (server#60593)
• Fix(caldav): grant sharee Acls to the delegate (server#60647)
• Fix(http): avoid iconv for header ascii fallback (server#60723)
• Fix(config): add null coalescing fallback in getValueBool before strtolower (server#60726)
• Fix(settings): confirm app-token revoke and preserve wipe state (server#60745)
• Feat(core): Add centered search input to top bar (server#60761)
• Feat: Add office as shipped app (server#60777)
• Fix(core): Hide current-app label at narrower viewports (server#60784)
• Fix(DB): Enforce foreign key constraints in SQLite (server#60793)
• Feat(settings): replace OnlyOffice with Euro-Office in office suite s… (server#60794)
• Background jobs improvements (server#60795)
• Chore(l10n): Plural needed to support multiplural languages (server#60800)
• Spelling fixes (server#60810)
• Chore(i18n): Remove space in word1/word2 (server#60814)

activity

• Fix(reuse): exclude pr-body.md from REUSE compliance check (activity#2622)
• Chore(deps): Bump nextcloud-vue from 9.7.0 to 9.8.0 (activity#2625)

bruteforcesettings

• Ci(psalm): Update psalm to a version that supports all PHP versions (bruteforcesettings#1101)

files_lock

• Fix(LockWrapper): gracefully handle null user in copyFromStorage() (files_lock#1100)

serverinfo

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (serverinfo#997)

text

• Test(playwright): add summary job so we can add it to merge rules (text#8662)

v33.0.4

Nextcloud 33.0.4

server

• Fix: allow renaming files with just update permissions (server#59241)
• Fix(encryption): limit oprhaned keys scan to one user (server#59808)
• Fix(s3): ignore prefixes with repeating delimiters (server#59829)
• Fix removed address book items not being synced between federated instances (server#59894)
• Fix(files): fix custom client-side error messages on move/copy actions (server#59954)
• Chore: Generate empty css entry points (server#59983)
• Feat: Better reporting if something is wrong with taskprocessing (server#59991)
• Fix: Harmonize login and passwordless login redirect behavior (server#60007)
• Fix(core): provide valid initial state also on public templates (server#60015)
• Test(cypress): clear state before user tests (server#60022)
• Fix(navigation): Fix default app icon (server#60133)
• Fix(files): escape html entities in dav search requests (server#60140)
• Fix(LocalPreviewStorage): Use correct regex to detect files in nested directory format (server#60143)
• Fix(comments): register event listener for typed comment events (server#60149)
• Fix(core): use btoa() instead of window.Buffer.from() for base64 encoding (server#60157)
• Fix: Dispatch old comment events (server#60168)
• Fix(comments): Add an action to comment notification that dismisses it (server#60175)
• Fix(core): prompt for password once when installing recommended apps (server#60184)
• Build: Remove testing app during packaging (server#60196)
• Feat(updatenotification): handle files_lock (server#60203)
• Chore: Increase page load timeout for oracle setup tests (server#60206)
• Fix(public.scss): increase footer width (server#60208)
• Fix: correct typo 'occured' to 'occurred' in SetupCheckManager (server#60210)
• Fix since checker (server#60219)
• Fix(settings): Fix admin delegation for hidden sections (server#60222)
• Fix: Fix permission issue when uploading a chunked file (server#60240)
• Feat(app-licenses): Add further compatible licenses for apps to use (server#60296)
• Fix(Setup): Ensure instanceid is generated during installation (server#60301)
• Test(cypress): Reduce flakiness (server#60302)
• Fix(http-client): detect brotli support via libcurl, not PHP extension (server#60309)
• Fix(s3): Add Content-MD5 header for DeleteObjects to fix AWS SDK v3.339.0+ compatibility (server#60322)
• Test(cypress): restore dashboard after app-limit test (server#60327)
• Fix(snowflake): fix wrong documentation about serverId (server#60328)
• Fix(files_sharing): apply link share password on first save (server#60329)
• Fix(UserConfig): cast getTypedValue() result to string in getValueBool() (server#60333)
• Perf(share): Remove useless order by id (server#60345)
• Remove unneeded sort when listing mail/federated shares (server#60356)
• Perf: remove unneeded sort in getFolderContentsById (server#60357)
• Fix(security): Update Expires time (server#60396)
• Fix(windmill): Fix baseUrl in background job (server#60468)
• Fix(workflowengine): use proper contrast colors for operations (server#60490)
• Fix(files_sharing): do not double escape special characters (server#60498)
• Fix error when creating mail shares if custom tokens are enabled (server#60509)
• Feat(users): Check assertion when enabling user (server#60516)
• Fix(files): only show template picker menu entries if possible (server#60522)
• Fix rendering custom columns in file lists (server#60526)
• Fix(OC_Helper): properly calculate quota of shared storages (server#60535)
• Fix(systemtags): Include leading slash in unified search tag link (server#60539)
• Don't put hashed password in share api response (server#60549)
• Fix: only allow full admins to create 'token needed' webhooks (server#60555)
• Fix: improve check if external storage backend is local (server#60559)
• Fix: handle NAT64 addresses in isLocalAddress (server#60565)
• Fix: don't tell the remote their token is lower (server#60574)
• Fix(AppStore/Fetcher): catch GenericFileException when reading cache file in Fetcher (server#60595)
• Enh(occ): make it possible to add an arbitrary number of users to a g… (server#60601)
• Fix: add proper ACLs for trashbin proxys (server#60603)
• Fix(dav): Skip removal of classified activity when not generated anymore (server#60605)
• Fix(argon2): respect max value for hashingThreads (server#60608)
• Fix(Dav): make absenceform textarea not overlap (server#60614)
• Fix(files): use displayname rather than basename to use progress (server#60625)
• Feat(openmetrics): export more resilient if exception happens (server#60627)
• Fix: Increase limit for share/unshare requests per hour (server#60633)
• Chore(snowflake): add more randomness in server id fallback (server#60635)
• Fix: treat all WebKit iOS browseres the same (server#60638)
• Fix(config): add null coalescing fallback in getValueBool before strtolower (server#60725)
• Fix(settings): confirm app-token revoke and preserve wipe state (server#60768)

activity

• Fix(cypress): improve e2e test stability on stable33 (activity#2561)
• Refactor: replace magic batch-time seconds with named constants (activity#2575)
• Refactor: clarify fileCreate() condition by making the specific case explicit (activity#2576)
• Refactor: flatten nesting with early returns (activity#2579)
• Refactor: flatten nesting with early returns in FilesHooks and ViewInfoCache (activity#2581)
• Fix(notifications): mark activity notifications as read when viewing file activities (activity#2606)
• Fix(bulkReceive): honour admin email toggle and ISetting notification defaults (activity#2608)
• Fix(MailQueueHandler): check enable_email toggle before sending queued emails (activity#2611)
• Fix(reuse): exclude pr-body.md from REUSE compliance check (activity#2623)

app_api

• Fix(filesplugin): file actions invisible on NC33+ (registry mismatch, stable33) (app_api#856)
• [Refactor: simplify enabled-state...

v32.0.10

Nextcloud 32.0.10

server

• Feat(user_ldap): Add config for partial search compatibility with ActiveDirectory (server#58280)
• Fix: manually set modified time to SFTP files after editing (server#59499)
• Fix(files): only disable template creation when both skeleton directories are empty (server#59750)
• Fix(encryption): limit oprhaned keys scan to one user (server#59810)
• Fix removed address book items not being synced between federated instances (server#59893)
• Fix(files): internal drag and drop (server#59924)
• Fix reenabling system address book (server#59956)
• Feat: Better reporting if something is wrong with taskprocessing (server#59990)
• Fix: Harmonize login and passwordless login redirect behavior (server#60009)
• Fix(core): provide valid initial state also on public templates (server#60024)
• Fix(navigation): Fix default app icon (server#60132)
• Fix(files): escape html entities in dav search requests (server#60141)
• Fix(core): use btoa() instead of window.Buffer.from() for base64 encoding (server#60158)
• Fix(comments): Add an action to comment notification that dismisses it (server#60174)
• Fix(public.scss): increase footer width (server#60207)
• Fix(theming): fix broken custom images introduced by #58224 (server#60233)
• Fix(core): prompt for password once when installing recommended apps (server#60237)
• Fix: Fix permission issue when uploading a chunked file (server#60239)
• Feat(app-licenses): Add further compatible licenses for apps to use (server#60295)
• Fix(Setup): Ensure instanceid is generated during installation (server#60300)
• Test(cypress): Reduce flakiness (server#60303)
• Fix(s3): Add Content-MD5 header for DeleteObjects to fix AWS SDK v3.339.0+ compatibility (server#60321)
• Fix(files_sharing): apply link share password on first save (server#60330)
• Fix(settings): Fix missing import for strict mode of app password del… (server#60351)
• Fix(security): Update Expires time (server#60395)
• Fix error when creating mail shares if custom tokens are enabled (server#60510)
• Fix(files): only show template picker menu entries if possible (server#60521)
• Fix(UserConfig): cast getTypedValue() result to string in getValueBool() (server#60532)
• Don't put hashed password in share api response (server#60550)
• Fix: only allow full admins to create 'token needed' webhooks (server#60556)
• Fix: improve check if external storage backend is local (server#60560)
• Fix: handle NAT64 addresses in isLocalAddress (server#60566)
• Fix: don't tell the remote their token is lower (server#60575)
• Fix(AppStore/Fetcher): catch GenericFileException when reading cache file in Fetcher (server#60594)
• Enh(occ): make it possible to add an arbitrary number of users to a g… (server#60600)
• Fix: add proper ACLs for trashbin proxys (server#60602)
• Fix(dav): Skip removal of classified activity when not generated anymore (server#60607)
• Fix(files): show proper information when a move will override the target (server#60615)
• Feat(users): Check assertion when enabling user (server#60618)
• Remove unneeded sort when listing mail/federated shares (server#60629)
• Perf: remove unneeded sort in getFolderContentsById (server#60630)
• Fix: Increase limit for share/unshare requests per hour (server#60632)
• Fix(config): add null coalescing fallback in getValueBool before strtolower (server#60724)
• Fix(settings): confirm app-token revoke and preserve wipe state (server#60769)

activity

• Fix(cypress): improve e2e test stability on stable32 (activity#2560)
• Refactor: clarify fileCreate() condition by making the specific case explicit (activity#2577)
• Refactor: replace magic batch-time seconds with named constants (activity#2578)
• Refactor: flatten nesting with early returns (activity#2580)
• Fix(notifications): mark activity notifications as read when viewing file activities (activity#2605)
• Fix(MailQueueHandler): check enable_email toggle before sending queued emails (activity#2610)
• Fix(reuse): exclude pr-body.md from REUSE compliance check (activity#2624)

app_api

• Refactor: simplify enabled-state check in validateExAppRequestToNC (app_api#862)
• Fix(proxy): validate request path before forwarding to ExApp (app_api#869)
• Fix: proxy route leading slash (app_api#877)

circles

• Feat: add search and limit support for team members list (circles#2461)

files_pdfviewer

• Fix: 🐛 Update pdf save to use correct dav path and credentials (files_pdfviewer#1439)

notifications

• Chore(deps): bump @nextcloud/browserlist-config to 3.1.2 (notifications#2984)
• Feat(push): Optionally use OAEP padding (notifications#2985)
• Chore(deps): npm run audit fix (notifications#2989)

photos

• Fix downloading files from public share (photos#3505)

serverinfo

• Fix(disk): ignore efivarfs pseudo-mount (serverinfo#986)
• Fix(php): include Zend extensions in loaded extensions list (serverinfo#988)

text

• Fix(workspace): reuse WorkspaceService file lookup in direct() (text#8509)
• Fix(LinkBubble): don't display dismiss edit button when read-only (text#8518)
• Center inserted images (text#8530)
• Build: do not include playwright folder in packaging (text#8532)
• Security: Unbounded `limit` parameter in user search can be abused for resource exhaustion (text#8579)
• Fix(code): don't apply inline code CSS rules to code blocks (text#8612)
• Fix(folderDescription): fix max height in unfocused mode (text#8626)

twofactor_totp

• Fix(migration): preserve state=2 secrets when cleaning up unverified … (twofactor_totp#1774)

viewer

• Fix: adjust z-index for color picker modals (viewer#3184)

v34.0.0rc2

Nextcloud 34

server

• Welcome stable34 (server#60394)
• Fix(security): Update Expires time (server#60397)
• Fix(windmill): Fix baseUrl in background job (server#60469)
• Fix(appstore): fix reference to non-existing `forceEnableApp` function (server#60488)
• Fix(workflowengine): use proper contrast colors for operations (server#60489)
• Fix(files_sharing): do not double escape special characters (server#60499)
• Fix error when creating mail shares if custom tokens are enabled (server#60508)
• Add runtime operations in WFE (server#60512)
• Feat(users): Check assertion when enabling user (server#60517)
• Fix(files): only show template picker menu entries if possible (server#60520)
• Fix rendering custom columns in file lists (server#60525)
• Fix(files_sharing): Use UnknownActivityException (server#60531)
• Fix(OC_Helper): properly calculate quota of shared storages (server#60534)
• Fix: remove too verbose error log line in AddExtraHeadersPlugin (server#60540)
• Fix(appstore): use alias for translations as `appstore` is taken by `apps.nextcloud.com` (server#60545)
• Don't put hashed password in share api response (server#60548)
• Fix: only allow full admins to create 'token needed' webhooks (server#60554)
• Fix: improve check if external storage backend is local (server#60558)
• Fix: handle NAT64 addresses in isLocalAddress (server#60564)
• Fix: don't tell the remote their token is lower (server#60573)
• Caldav party crasher (server#60592)
• Fix(appstore): show reason why limit app to groups is not possible (server#60597)
• Enh(occ): make it possible to add an arbitrary number of users to a g… (server#60599)
• Fix: add proper ACLs for trashbin proxys (server#60604)
• Fix(dav): Skip removal of classified activity when not generated anymore (server#60606)
• Fix(argon2): respect max value for hashingThreads (server#60609)
• Feat(core): app menu polish for NC34 (server#60610)
• Fix(Dav): make absenceform textarea not overlap (server#60613)
• Fix(files): use displayname rather than basename to use progress (server#60624)
• Feat(openmetrics): export more resilient if exception happens (server#60628)
• Chore(snowflake): add more randomness in server id fallback (server#60636)
• Fix: treat all WebKit iOS browseres the same (server#60637)

3rdparty

• Chore: Welcome stable34 (3rdparty#2436)

activity

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (activity#2594)
• Fix(bulkReceive): honour admin email toggle and ISetting notification defaults (activity#2609)
• Fix(MailQueueHandler): check enable_email toggle before sending queued emails (activity#2612)
• Fix(NotificationGenerator): catch InvalidArgumentException from notification setters in prepare() (activity#2613)

app_api

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (app_api#873)
• Fix: proxy route leading slash (app_api#875)
• Fix: normalize missing bruteforce_protection and headers_to_exclude on ExApp routes (app_api#884)

bruteforcesettings

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (bruteforcesettings#1100)

circles

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (circles#2476)
• Feat: add support for setting preview avatar for circle (circles#2487)

files_lock

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (files_lock#1082)
• Perf: cache negative results in LockSerivice::getLockForNodeIds (files_lock#1089)

logreader

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (logreader#2020)
• Feat: Remove unnecessary whitespaces (logreader#2026)

nextcloud_announcements

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (nextcloud_announcements#626)

photos

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (photos#3519)

text

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (text#8591)
• Test(playwright): await `setO(n|ff)line` in autosave tests (text#8610)
• Fix(code): don't apply inline code CSS rules to code blocks (text#8611)
• Chore(test): add test for 4480 (text#8614)
• Fix: allow dots in markdown link text (text#8622)
• Fix(folderDescription): fix max height in unfocused mode (text#8624)
• Fix(translate): use assistant app dialog (text#8629)
• Fix: several table button design fixes (text#8631)
• Chore: remove codecov (text#8633)

twofactor_totp

• Chore(CI): Adjust testing matrix for Nextcloud 34 on stable34 (twofactor_totp#1769)

v33.0.4rc1

Nextcloud 33.0.4

server

• Fix: allow renaming files with just update permissions (server#59241)
• Fix(encryption): limit oprhaned keys scan to one user (server#59808)
• Fix(s3): ignore prefixes with repeating delimiters (server#59829)
• Fix removed address book items not being synced between federated instances (server#59894)
• Fix(files): fix custom client-side error messages on move/copy actions (server#59954)
• Chore: Generate empty css entry points (server#59983)
• Feat: Better reporting if something is wrong with taskprocessing (server#59991)
• Fix: Harmonize login and passwordless login redirect behavior (server#60007)
• Fix(core): provide valid initial state also on public templates (server#60015)
• Test(cypress): clear state before user tests (server#60022)
• Fix(navigation): Fix default app icon (server#60133)
• Fix(files): escape html entities in dav search requests (server#60140)
• Fix(LocalPreviewStorage): Use correct regex to detect files in nested directory format (server#60143)
• Fix(comments): register event listener for typed comment events (server#60149)
• Fix(core): use btoa() instead of window.Buffer.from() for base64 encoding (server#60157)
• Fix: Dispatch old comment events (server#60168)
• Fix(comments): Add an action to comment notification that dismisses it (server#60175)
• Fix(core): prompt for password once when installing recommended apps (server#60184)
• Build: Remove testing app during packaging (server#60196)
• Feat(updatenotification): handle files_lock (server#60203)
• Chore: Increase page load timeout for oracle setup tests (server#60206)
• Fix(public.scss): increase footer width (server#60208)
• Fix: correct typo 'occured' to 'occurred' in SetupCheckManager (server#60210)
• Fix since checker (server#60219)
• Fix(settings): Fix admin delegation for hidden sections (server#60222)
• Fix: Fix permission issue when uploading a chunked file (server#60240)
• Feat(app-licenses): Add further compatible licenses for apps to use (server#60296)
• Fix(Setup): Ensure instanceid is generated during installation (server#60301)
• Test(cypress): Reduce flakiness (server#60302)
• Fix(http-client): detect brotli support via libcurl, not PHP extension (server#60309)
• Fix(s3): Add Content-MD5 header for DeleteObjects to fix AWS SDK v3.339.0+ compatibility (server#60322)
• Test(cypress): restore dashboard after app-limit test (server#60327)
• Fix(snowflake): fix wrong documentation about serverId (server#60328)
• Fix(files_sharing): apply link share password on first save (server#60329)
• Fix(UserConfig): cast getTypedValue() result to string in getValueBool() (server#60333)
• Perf(share): Remove useless order by id (server#60345)
• Remove unneeded sort when listing mail/federated shares (server#60356)
• Perf: remove unneeded sort in getFolderContentsById (server#60357)
• Fix(security): Update Expires time (server#60396)
• Fix(windmill): Fix baseUrl in background job (server#60468)
• Fix(workflowengine): use proper contrast colors for operations (server#60490)
• Fix(files_sharing): do not double escape special characters (server#60498)
• Fix error when creating mail shares if custom tokens are enabled (server#60509)
• Feat(users): Check assertion when enabling user (server#60516)
• Fix(files): only show template picker menu entries if possible (server#60522)
• Fix rendering custom columns in file lists (server#60526)
• Fix(OC_Helper): properly calculate quota of shared storages (server#60535)
• Fix(systemtags): Include leading slash in unified search tag link (server#60539)
• Don't put hashed password in share api response (server#60549)
• Fix: only allow full admins to create 'token needed' webhooks (server#60555)
• Fix: improve check if external storage backend is local (server#60559)
• Fix: handle NAT64 addresses in isLocalAddress (server#60565)
• Fix: don't tell the remote their token is lower (server#60574)
• Fix(AppStore/Fetcher): catch GenericFileException when reading cache file in Fetcher (server#60595)
• Enh(occ): make it possible to add an arbitrary number of users to a g… (server#60601)
• Fix: add proper ACLs for trashbin proxys (server#60603)
• Fix(dav): Skip removal of classified activity when not generated anymore (server#60605)
• Fix(argon2): respect max value for hashingThreads (server#60608)
• Fix(Dav): make absenceform textarea not overlap (server#60614)
• Fix(files): use displayname rather than basename to use progress (server#60625)
• Feat(openmetrics): export more resilient if exception happens (server#60627)
• Fix: Increase limit for share/unshare requests per hour (server#60633)
• Chore(snowflake): add more randomness in server id fallback (server#60635)
• Fix: treat all WebKit iOS browseres the same (server#60638)

activity

• Fix(cypress): improve e2e test stability on stable33 (activity#2561)
• Refactor: replace magic batch-time seconds with named constants (activity#2575)
• Refactor: clarify fileCreate() condition by making the specific case explicit (activity#2576)
• Refactor: flatten nesting with early returns (activity#2579)
• Refactor: flatten nesting with early returns in FilesHooks and ViewInfoCache (activity#2581)
• Fix(notifications): mark activity notifications as read when viewing file activities (activity#2606)
• Fix(bulkReceive): honour admin email toggle and ISetting notification defaults (activity#2608)
• Fix(MailQueueHandler): check enable_email toggle before sending queued emails (activity#2611)

app_api

• Fix(filesplugin): file actions invisible on NC33+ (registry mismatch, stable33) (app_api#856)
• Refactor: simplify enabled-state check in validateExAppRequestToNC (app_api#861)
• Fix(proxy): validate request path before forwarding to ExApp (app_api#868)
• Fix: proxy route leading slash (app_api#876)
• Fix: normalize missing bruteforce_protection and headers_to_exclude on ExApp routes (app_api#883)

[bruteforceset...

v32.0.10rc1

Nextcloud 32.0.10

server

• Feat(user_ldap): Add config for partial search compatibility with ActiveDirectory (server#58280)
• Fix: manually set modified time to SFTP files after editing (server#59499)
• Fix(files): only disable template creation when both skeleton directories are empty (server#59750)
• Fix(encryption): limit oprhaned keys scan to one user (server#59810)
• Fix removed address book items not being synced between federated instances (server#59893)
• Fix(files): internal drag and drop (server#59924)
• Fix reenabling system address book (server#59956)
• Feat: Better reporting if something is wrong with taskprocessing (server#59990)
• Fix: Harmonize login and passwordless login redirect behavior (server#60009)
• Fix(core): provide valid initial state also on public templates (server#60024)
• Fix(navigation): Fix default app icon (server#60132)
• Fix(files): escape html entities in dav search requests (server#60141)
• Fix(core): use btoa() instead of window.Buffer.from() for base64 encoding (server#60158)
• Fix(comments): Add an action to comment notification that dismisses it (server#60174)
• Fix(public.scss): increase footer width (server#60207)
• Fix(theming): fix broken custom images introduced by #58224 (server#60233)
• Fix(core): prompt for password once when installing recommended apps (server#60237)
• Fix: Fix permission issue when uploading a chunked file (server#60239)
• Feat(app-licenses): Add further compatible licenses for apps to use (server#60295)
• Fix(Setup): Ensure instanceid is generated during installation (server#60300)
• Test(cypress): Reduce flakiness (server#60303)
• Fix(s3): Add Content-MD5 header for DeleteObjects to fix AWS SDK v3.339.0+ compatibility (server#60321)
• Fix(files_sharing): apply link share password on first save (server#60330)
• Fix(settings): Fix missing import for strict mode of app password del… (server#60351)
• Fix(security): Update Expires time (server#60395)
• Fix error when creating mail shares if custom tokens are enabled (server#60510)
• Fix(files): only show template picker menu entries if possible (server#60521)
• Don't put hashed password in share api response (server#60550)
• Fix: only allow full admins to create 'token needed' webhooks (server#60556)
• Fix: improve check if external storage backend is local (server#60560)
• Fix: handle NAT64 addresses in isLocalAddress (server#60566)
• Fix: don't tell the remote their token is lower (server#60575)
• Fix(AppStore/Fetcher): catch GenericFileException when reading cache file in Fetcher (server#60594)
• Enh(occ): make it possible to add an arbitrary number of users to a g… (server#60600)
• Fix: add proper ACLs for trashbin proxys (server#60602)
• Fix(files): show proper information when a move will override the target (server#60615)
• Feat(users): Check assertion when enabling user (server#60618)
• Remove unneeded sort when listing mail/federated shares (server#60629)
• Fix: Increase limit for share/unshare requests per hour (server#60632)

activity

• Fix(cypress): improve e2e test stability on stable32 (activity#2560)
• Refactor: clarify fileCreate() condition by making the specific case explicit (activity#2577)
• Refactor: replace magic batch-time seconds with named constants (activity#2578)
• Refactor: flatten nesting with early returns (activity#2580)
• Fix(notifications): mark activity notifications as read when viewing file activities (activity#2605)
• Fix(MailQueueHandler): check enable_email toggle before sending queued emails (activity#2610)

app_api

• Refactor: simplify enabled-state check in validateExAppRequestToNC (app_api#862)
• Fix(proxy): validate request path before forwarding to ExApp (app_api#869)
• Fix: proxy route leading slash (app_api#877)

circles

• Feat: add search and limit support for team members list (circles#2461)

files_pdfviewer

• Fix: 🐛 Update pdf save to use correct dav path and credentials (files_pdfviewer#1439)

notifications

• Chore(deps): bump @nextcloud/browserlist-config to 3.1.2 (notifications#2984)
• Feat(push): Optionally use OAEP padding (notifications#2985)
• Chore(deps): npm run audit fix (notifications#2989)

photos

• Fix downloading files from public share (photos#3505)

serverinfo

• Fix(disk): ignore efivarfs pseudo-mount (serverinfo#986)
• Fix(php): include Zend extensions in loaded extensions list (serverinfo#988)

text

• Fix(workspace): reuse WorkspaceService file lookup in direct() (text#8509)
• Fix(LinkBubble): don't display dismiss edit button when read-only (text#8518)
• Center inserted images (text#8530)
• Build: do not include playwright folder in packaging (text#8532)
• Security: Unbounded `limit` parameter in user search can be abused for resource exhaustion (text#8579)
• Fix(code): don't apply inline code CSS rules to code blocks (text#8612)
• Fix(folderDescription): fix max height in unfocused mode (text#8626)

twofactor_totp

• Fix(migration): preserve state=2 secrets when cleaning up unverified … (twofactor_totp#1774)

viewer

• Fix: adjust z-index for color picker modals (viewer#3184)