
[Bug]: Wonky update 31.0.11 -> 31.0.12 #702

@cryopath

⚠️ This issue respects the following points: ⚠️

Bug description

When upgrading from 31.0.11 to 31.0.12, I came across a stuck pre-updater / downloader stage. After starting the updater from settings, the pre-update checklist was already marked as done and the start upgrade button just redirected to the main root URL without doing anything.
occ upgrade says no update in queue, occ update:check says 1 update available.

The updater.log had this:

2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] end of checkForUpdate() Update to Nextcloud 31.0.12 available. (channel: "stable")<br /><span class="light">Following file will be downloaded automatically:</span> <code class="light">https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.zip</code><br /><a class="external_link" href="https://nextcloud.com/changelog/#31-0-12" target="_blank" rel="noreferrer noopener">Open changelog ↗</a>

Somehow HTML leaked into it.

After removing update cache and trying again, it went through.
But there is still HTML leaking into the log.

Another artifact was that the updater site often lost its access token after at most 2 minutes.

The GitHub search does not even find checkForUpdate() in the repo. Where does it come from?
Debugging Nextcloud is really not something nice to do.
Might want to check if this is a command injection vector. I can't bother with HackerOne for something that is likely a nothingburger.

2025-12-12T06:01:24+0000 zdKCq9tvI0 [info] getChangelogURL()
2025-12-12T06:01:24+0000 zdKCq9tvI0 [info] end of checkForUpdate() Update to Nextcloud 31.0.12 available. (channel: "stable")<br /><span class="light">Following file will be downloaded automatically:</span> <code class="light">https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.zip</code><br /><a class="external_link" href="https://nextcloud.com/changelog/#31-0-12" target="_blank" rel="noreferrer noopener">Open changelog ↗</a>

Full updater.log context:

2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] checkForUpdate() Array
(
    [version] => 31.0.12.3
    [versionstring] => Nextcloud 31.0.12
    [url] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.zip
    [downloads] => SimpleXMLElement Object
        (
            [bz2] => Array
                (
                    [0] => https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2
                    [1] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.tar.bz2
                )

            [zip] => Array
                (
                    [0] => https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.zip
                    [1] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.zip
                )

        )

    [web] => https://docs.nextcloud.com/server/31/admin_manual/maintenance/upgrade.html
    [changes] => https://updates.nextcloud.com/changelog_server/?version=31.0.12
    [autoupdater] => 1
    [eol] => 0
    [eolDate] => 2026-02-25
    [signature] => m1btp6M0rY0SbPX+55PqRhnWyY5kEyy2Kf8Y5rCysJ+TjCMNUfcIwTwy7m6qw23z
YQjJcuSfWA09ZkSfqfrOOF+ksJVGlmKtp3WGUX+N5db15yYSf4uXrsnXT0cu9vUW
0HTHHUWWAVP7plmGlJKUAcMcaQXJEVzBX+l6zY3aWFQa81sY/m9deXOhkyJrkZzy
EhlTo3qYXRbNpGm+maBpY9G3IIJCKpkG1rtlYHCw2aLomofYSwTEpMzc45ZvvgcQ
mC8yMN/lFsxdMRucTLOE+vkfyjkzVxOM04BXQVDjMdi/e2AvGEDCyhdkrgks+1Kv
dmpirBelKrbRFHO+Fe1yrg==
)

2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] getUpdateServerResponse()
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] updaterServer: https://updates.nextcloud.com/updater_server/
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] releaseChannel: stable
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] internal version: 31.0.11.2
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] updateURL: https://updates.nextcloud.com/updater_server/?version=31x0x11x2xxxstablexx2025-11-20T10%3A02%3A59%2B00%3A00+b883fe276498a48863b61cdaaaca5eb51823504fx8x4x11
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] getUpdateServerResponse response: Array
(
    [version] => 31.0.12.3
    [versionstring] => Nextcloud 31.0.12
    [url] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.zip
    [downloads] => SimpleXMLElement Object
        (
            [bz2] => Array
                (
                    [0] => https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2
                    [1] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.tar.bz2
                )

            [zip] => Array
                (
                    [0] => https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.zip
                    [1] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.zip
                )

        )

    [web] => https://docs.nextcloud.com/server/31/admin_manual/maintenance/upgrade.html
    [changes] => https://updates.nextcloud.com/changelog_server/?version=31.0.12
    [autoupdater] => 1
    [eol] => 0
    [eolDate] => 2026-02-25
    [signature] => m1btp6M0rY0SbPX+55PqRhnWyY5kEyy2Kf8Y5rCysJ+TjCMNUfcIwTwy7m6qw23z
YQjJcuSfWA09ZkSfqfrOOF+ksJVGlmKtp3WGUX+N5db15yYSf4uXrsnXT0cu9vUW
0HTHHUWWAVP7plmGlJKUAcMcaQXJEVzBX+l6zY3aWFQa81sY/m9deXOhkyJrkZzy
EhlTo3qYXRbNpGm+maBpY9G3IIJCKpkG1rtlYHCw2aLomofYSwTEpMzc45ZvvgcQ
mC8yMN/lFsxdMRucTLOE+vkfyjkzVxOM04BXQVDjMdi/e2AvGEDCyhdkrgks+1Kv
dmpirBelKrbRFHO+Fe1yrg==
)

2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] getChangelogURL()
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] end of checkForUpdate() Update to Nextcloud 31.0.12 available. (channel: "stable")<br /><span class="light">Following file will be downloaded automatically:</span> <code class="light">https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.zip</code><br /><a class="external_link" href="https://nextcloud.com/changelog/#31-0-12" target="_blank" rel="noreferrer noopener">Open changelog ↗</a>
2025-12-12T05:56:12+0000 6gopU0JKpa [info] request to updater
2025-12-12T05:56:12+0000 6gopU0JKpa [info] currentStep()
2025-12-12T05:56:12+0000 6gopU0JKpa [info] show HTML page
2025-12-12T05:56:12+0000 6gopU0JKpa [info] current version: 31.0.11 build time: 2025-11-20T10:02:59+00:00 b883fe276498a48863b61cdaaaca5eb51823504f

Steps to reproduce

Look at other 31.0.11 to 32.0.12 upgrade attempts.

Expected behavior

upgrader finds update and does its things

Nextcloud Server version

31

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.4

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 31 to 32)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "lol.no.thiswillnotbe.public"
        ],
        "overwrite.cli.url": "https:\/\/lol.no.thiswillnotbe.public\/",
        "htaccess.RewriteBase": "\/",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "31.0.12.3",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "5432",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "dbpersistent": "true",
        "installed": true,
        "default_language": "de_DE",
        "default_locale": "de_DE",
        "default_phone_region": "DE",
        "default_timezone": "Europe\/Berlin",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "maintenance_window_start": 1,
        "maintenance": false,
        "theme": "",
        "loglevel": 0,
        "app_install_overwrite": [
            "files_fulltextsearch_tesseract",
            "mail_roundcube"
        ],
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "forbidden_filenames": [
            ".htaccess"
        ],
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ],
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "defaultapp": "files",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "files.chunked_upload.max_size": 104857600
    }
}

List of activated Apps

Enabled:
  - activity: 4.0.0
  - app_api: 5.0.2
  - bruteforcesettings: 4.0.0
  - circles: 31.0.0
  - cloud_federation_api: 1.14.0
  - collectives: 3.4.0
  - contactsinteraction: 1.12.1
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.2
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - groupfolders: 19.1.12
  - impersonate: 2.0.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - nextcloud_announcements: 3.0.0
  - notifications: 4.0.0
  - notify_push: 1.2.1
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - polls: 8.5.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - related_resources: 2.0.0
  - richdocuments: 8.7.7
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - systemtags: 1.21.1
  - text: 5.0.2
  - theming: 2.6.1
  - twofactor_admin: 4.9.0
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - twofactor_webauthn: 2.4.1
  - updatenotification: 1.21.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - admin_audit: 1.21.0
  - comments: 1.21.0 (installed 1.19.0)
  - dashboard: 7.11.0 (installed 7.9.0)
  - encryption: 2.19.0
  - federation: 1.21.0 (installed 1.19.0)
  - files_external: 1.23.0
  - files_fulltextsearch: 31.0.0 (installed 31.0.0)
  - fulltextsearch: 31.0.1 (installed 31.0.1)
  - fulltextsearch_elasticsearch: 31.0.0 (installed 31.0.0)
  - notes: 4.12.4 (installed 4.12.4)
  - photos: 4.0.0 (installed 2.5.0)
  - recommendations: 4.0.0 (installed 2.1.0)
  - support: 3.0.0 (installed 1.12.0)
  - survey_client: 3.0.0 (installed 1.17.0)
  - suspicious_login: 9.0.1
  - twofactor_nextcloud_notification: 5.0.0
  - user_ldap: 1.22.0
  - weather_status: 1.11.0 (installed 1.9.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

See main field.
Main log may have interesting things. But it is too much logspam to check now. One of them was that near that time GuzzleHTTP could not fetch data/.ncdata from itself because it could not connect to port 80 on itself. No idea why it tries port 80. The protocol in config is set to https.
Either hoster fluke or trying the wrong port.
It is a single host instance.
The A/AAAA records have the host's own global-scope IPs. There is no proxying across different hosts. Local DNS resolution works.
The Apache config says that port 80 redirects.
But for some reason nothing listens on 80 but Apache listens on 8080.
Weird. May or may not be transitively related.

Additional info

No response
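
Added example, not part of the original report and not Nextcloud's own code: a Python triage script for the symptom described in this report. It groups updater.log lines into records (print_r dumps are continuation lines), flags records that contain HTML-shaped markup, and lists any URL host outside an expected set. The sample log is constructed and modelled on the entries above; `EXPECTED_HOSTS` and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# A record starts with: ISO timestamp, request id, [level], message.
RECORD = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d{4}) (\S+) \[(\w+)\] (.*)$")
TAG = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)\b[^>]*>")  # anything shaped like an HTML tag
URL = re.compile(r"https?://[^\s\"'<>]+")
# Assumption: the hosts that occur in the log quoted in this report.
EXPECTED_HOSTS = {"github.com", "download.nextcloud.com", "nextcloud.com",
                  "updates.nextcloud.com", "docs.nextcloud.com"}

# Constructed sample, modelled on the entries in the report (last line is a made-up outlier).
SAMPLE = """\
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] getChangelogURL()
2025-12-12T05:51:24+0000 rZ4wQBuP0B [info] end of checkForUpdate() Update available.<br /><code class="light">https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.zip</code><br /><a class="external_link" href="https://nextcloud.com/changelog/#31-0-12">Open changelog</a>
2025-12-12T05:51:25+0000 AAAAAAAAAA [info] getUpdateServerResponse response: Array
(
    [url] => https://download.nextcloud.com/server/releases/nextcloud-31.0.12.zip
)
2025-12-12T05:51:26+0000 BBBBBBBBBB [info] end of checkForUpdate() <a href="https://mirror.example.invalid/x.zip">x</a>
"""

def parse_records(text):
    """Group lines into records; a line without a timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, rid, level, msg = m.groups()
            records.append({"ts": ts, "id": rid, "level": level, "msg": msg})
        elif records:
            records[-1]["msg"] += "\n" + line
    return records

def audit(text):
    """Return one finding per record whose message contains markup."""
    findings = []
    for rec in parse_records(text):
        tags = sorted({m.group(1).lower() for m in TAG.finditer(rec["msg"])})
        if not tags:
            continue  # plain-text record, including multi-line print_r dumps
        hosts = {urlsplit(u).hostname or "" for u in URL.findall(rec["msg"])}
        findings.append({"ts": rec["ts"], "id": rec["id"], "tags": tags,
                         "unexpected_hosts": sorted(hosts - EXPECTED_HOSTS)})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with an empty `unexpected_hosts` list means the markup only references hosts already seen in the update server response; it does not by itself say anything about how the log line is later consumed.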
