Updating PHP to avoid Nextcry ransomware

  • Hi,

    I have just seen that Nextcloud is vulnerable with Nextcry ransomware because of PHP security breach :

    They say to update php to the latest version in order to close the vulnerability.

    Could you tell me how to update PHP on my OMV system without losing my configuration ? I have few other Docker containers (Home Assistant, JDownloader, AirSonic, NextCloud, ...) and I don't want to break anything.


    • Official Post

    They say that servers running nextcloud should update.

    So make sure you keep your nextcloud docker updated and running the latest everything.

    Also make sure that you keep OMV updated. And other dockers.

    If you try to manually update stuff inside OMV, make sure that you have good backups first. And plenty of time to restore them. Otherwise you may loose data. Just as if you had been infected with nextcry. Only self-inflicted.

    • Official Post

    You ALWAYS need good backups.

    But I have so far never had any problem with the normal upgrades. Sometimes it might not complete correctly, failed to fetch some packages or what not, but running update again always fixed it.

    It is much more risky installing new software or changing the OMV configuration. Then I usually update the clone of my rootfs drive first. Typically update a image of the SD card using my laptop. If needed I can then quickly recreate the current working configuration if changes should break it.

    I have had a lot of use for clones of the rootfs like this. But not recently. Now I am more careful and able to avoid some of the most stupid mistakes. Who said old cats can't learn?

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!