Nextcloud v33.0.2 released on 02-04-2026
Nextcloud v33.0.2 is out now. It delivers security hardening and critical fixes that administrators should apply promptly to address potential information disclosure, cross-site scripting and privilege escalation in specific code paths.
See the full release notes on GitHub for details, including mitigation and verification steps for admins and practical upgrade guidance: Nextcloud v33.0.2 release.
What’s in this release
- Security hardening: fixes that address information disclosure, cross-site scripting and privilege escalation in specific code paths.
- Files, sharing and sync improvements: corrections for stale or incorrect share permissions, file locking and rename edge-cases, better handling of large folders during scans and changes that reduce sync client conflicts.
- Admin, LDAP and authentication updates: improved LDAP/AD user and group mapping reliability, fixes to session and token handling, and corrections for two-factor and SSO flows affecting login and provisioning.
Upgrade notes
- API compatibility and deprecated behaviours: app authors should check third-party compatibility before upgrading; back up your instance, run migrations and cron after the update and follow the troubleshooting tips in the release notes.
- Rollback guidance: if a revert is required, restore from a backup taken before the upgrade and verify authentication and cron tasks are functioning once restored.
Please share your experience on the GitHub release page or file an issue if you encounter problems after upgrading.