I am currently running Nextcloud Hub 25 (version 32.0.6) and a recent scan has flagged the vulnerability CVE‑2026‑27601 (Underscore.js Denial of Service).
Could you please confirm:
Whether this vulnerability is addressed in any 32.x maintenance release (e.g., 32.0.7 or later), either via an updated Underscore.js version or a backported patch?
If not, is it safe to manually update the bundled Underscore.js library, or would this risk breaking compatibility with Nextcloud core or installed apps?
I am currently running Nextcloud Hub 25 (version 32.0.6) and a recent scan has flagged the vulnerability CVE‑2026‑27601 (Underscore.js Denial of Service).
Could you please confirm:
Whether this vulnerability is addressed in any 32.x maintenance release (e.g., 32.0.7 or later), either via an updated Underscore.js version or a backported patch?
If not, is it safe to manually update the bundled Underscore.js library, or would this risk breaking compatibility with Nextcloud core or installed apps?