[Bug]: APCu cache conflict in case of multiple NC instances #55705
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
Since the upgrade to Nextcloud Hub 25 Autumn (version 32.0.0), we experience very strange regression issues. In particular the user might see a page of the OTHER Nextcloud instance.
Specifically the "App update required" page is shown on the other Nextcloud v32 instance, coming from the other NC instance. We know this, because of the HTML title as well as the footer text in the bottom. Showing the name of the other Nextcloud instance.
After much investigation, I finally pinned point the root-cause: APCu cache conflicts!
Steps to reproduce
- Use two NC v32 instances on the same server/VM. Sharing the same PHP FPM instance.
- Set
memcache.localto:\\OC\\Memcache\\APCuon both Nextcloud instances - Try to browse Nextcloud web UI on one of the instances (and the other as well), and notice occasionally (not all the time) seeing a "App update required" message coming from the other instance, displayed on the domain of the other NC instance.
WORKAROUND: I moved memcache.local to Redis cache on one of the instance to avoid cache conflicts. This resolved the issue. But is of course not the final solution.
Expected behavior
-
Never should the APCu cache cause conflicts with multiple NC instances. All the keys should be unique enough throughout the application to avoid cache conflicts.
-
Never display a webpage from one Nextcloud instance to another instance. This is a major security incident.
Nextcloud Server version
32
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.4
Web server
Nginx
Database engine version
MySQL
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"mydomain.com"
],
"default_timezone": "Europe\/Amsterdam",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "32.0.0.13",
"overwrite.cli.url": "https:\/\/mydomain.com",
"mysql.utf8mb4": true,
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"filelocking.enabled": "true",
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"dbindex": 0,
"timeout": 1.5
},
"default_language": "nl",
"default_locale": "nl_NL",
"default_phone_region": "NL",
"mail_sendmailmode": "smtp",
"mail_smtpmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "ssl",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"maintenance_window_start": 1,
"maintenance": false,
"theme": "",
"loglevel": 2,
"trashbin_retention_obligation": "auto, 60",
"updater.release.channel": "stable",
"skeletondirectory": "",
"defaultapp": "files",
"twofactor_enforced": "true",
"twofactor_enforced_groups": [],
"twofactor_enforced_excluded_groups": [
"admin"
],
"simpleSignUpLink.shown": false,
"config_preset": 8
}
}List of activated Apps
Enabled:
- activity: 5.0.0-dev.0
- admin_audit: 1.22.0
- bruteforcesettings: 5.0.0-dev.0
- calendar: 6.0.1
- circles: 32.0.0
- cloud_federation_api: 1.16.0
- contacts: 8.0.3
- contactsinteraction: 1.13.1
- dav: 1.34.2
- federatedfilesharing: 1.22.0
- files: 2.4.0
- files_antivirus: 6.0.6
- files_downloadlimit: 5.0.0-dev.0
- files_pdfviewer: 5.0.0-dev.0
- files_reminders: 1.5.0
- files_sharing: 1.24.0
- files_trashbin: 1.22.0
- files_versions: 1.25.0
- forms: 5.2.1
- guests: 4.5.2
- logreader: 5.0.0-dev.0
- lookup_server_connector: 1.20.0
- notifications: 5.0.0-dev.0
- oauth2: 1.20.0
- password_policy: 4.0.0-dev.0
- privacy: 4.0.0-dev.0
- profile: 1.1.0
- provisioning_api: 1.22.0
- recommendations: 5.0.0-dev.0
- related_resources: 3.0.0-dev.0
- serverinfo: 4.0.0-dev.0
- settings: 1.15.1
- sharebymail: 1.22.0
- suspicious_login: 10.0.0-dev.0
- systemtags: 1.22.0
- tables: 0.9.5
- tasks: 0.16.1
- text: 6.0.0-dev.0
- theming: 2.7.0
- twofactor_backupcodes: 1.21.0
- twofactor_totp: 14.0.0
- updatenotification: 1.22.0
- user_status: 1.12.0
- viewer: 5.0.0-dev.0
- webhook_listeners: 1.3.0
- workflowengine: 2.14.0
Disabled:
- app_api: 32.0.0 (installed 32.0.0)
- collectives: 3.2.0 (installed 3.2.0)
- comments: 1.22.0 (installed 1.19.0)
- dashboard: 7.12.0 (installed 7.8.0)
- encryption: 2.20.0
- federation: 1.22.0 (installed 1.19.0)
- files_external: 1.24.0
- firstrunwizard: 5.0.0-dev.0 (installed 2.18.0)
- nextcloud_announcements: 4.0.0-dev.0 (installed 1.18.0)
- photos: 5.0.0-dev.1 (installed 2.4.0)
- spreed: 22.0.0 (installed 22.0.0)
- support: 4.0.0-dev.0 (installed 1.11.0)
- survey_client: 4.0.0-dev.0 (installed 1.17.0)
- twofactor_nextcloud_notification: 6.0.0-dev.0
- user_ldap: 1.23.0
- weather_status: 1.12.0 (installed 1.8.0)Nextcloud Signing status
No errors have been found.Nextcloud Logs
{"reqId":"13y2b7VfRjEOPkFPLyvh","level":3,"time":"2025-10-11T11:15:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"EHgUslBdBdgBfRex8STV","level":3,"time":"2025-10-11T11:20:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"YaD7MettLmHxq3JdiOWU","level":3,"time":"2025-10-11T11:25:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"yb7OK7gQhSTvaLVztt7u","level":3,"time":"2025-10-11T11:30:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"aP2AowfJ64a15Np3PDhP","level":3,"time":"2025-10-11T11:35:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"9VLdAPHY1xRiWSJhKLbF","level":3,"time":"2025-10-11T11:40:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"EsbsndSXIb4Uyjbd3GJz","level":3,"time":"2025-10-11T11:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"bIxQA5eLSv4MMWenE5D9","level":3,"time":"2025-10-11T11:50:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"FloDxiQ1L9ejaavIeuK3","level":3,"time":"2025-10-11T11:55:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"zNaumAE1uvDKAIwWdZkc","level":3,"time":"2025-10-11T12:00:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"ATYgs3F291eN2SZlm1Bn","level":3,"time":"2025-10-11T12:05:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"km529DNpatNFwR2NR9rM","level":3,"time":"2025-10-11T12:10:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"voku\\helper\\UTF8::reduce_string_array(): Implicitly marking parameter $remove_short_values as nullable is deprecated, the explicit nullable type must be used instead at /var/www/cloud.melroy.org/html/apps/suspicious_login/vendor/voku/portable-utf8/src/voku/helper/UTF8.php#13827","userAgent":"--","version":"32.0.0.13","data":{"app":"PHP"}}
{"reqId":"NnKY3O9Dolia2kStaFM7","level":2,"time":"2025-10-11T12:15:42+00:00","remoteAddr":"","user":"--","app":"news","method":"","url":"--","message":"https://www.rtlnieuws.nl/rss/podcast.xml/4297036 read error : Client error: `GET https://www.rtlnieuws.nl/rss/podcast.xml/4297036` resulted in a `404 Not Found` response:\n<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1. (truncated...)\n","userAgent":"--","version":"32.0.0.13","data":{"app":"news"}}Additional info
Nextcloud log errors above are unrelated, but added here for completeness.
