core
ownCloud Core is a self-hosted file storage and synchronization platform with support for file sharing, WebDAV, CalDAV, and CardDAV. Licensed under AGPL-3.0, it is trusted by over 200 million users and provides a plugin-based architecture for extensibility.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | owncloud/core |
| Owner | owncloud |
| Primary language | PHP |
| License | AGPL-3.0 — OSI-approved |
| Stars | 8.8k |
| Forks | 2.1k |
| Open issues | 142 |
| Latest release | v10.16.3 (2026-06-16) |
| Last updated | 2026-07-07 |
| Source | https://github.com/owncloud/core |
What core is
PHP-based server component providing file storage, REST API, user/group management, encryption, and external storage backends. Supports MySQL, MariaDB, PostgreSQL, and SQLite; includes WebDAV/CalDAV/CardDAV protocol servers and a comprehensive plugin architecture. Latest release v10.16.3 (June 2026); active development with Docker distribution.
Get the core source
Clone the repository and explore it locally.
git clone https://github.com/owncloud/core.gitcd core# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Require PHP v7.4+ (or version specified in latest docs), Composer v2, Node.js v14+, Yarn for development builds; production deployment via Docker recommended to simplify dependency management.
- Database choice (MySQL/MariaDB/PostgreSQL/SQLite) impacts performance, backup strategy, and scaling; PostgreSQL recommended for production deployments >500 users.
- Encryption support requires careful key management strategy; plaintext storage poses data loss risk. Plan encryption at rest and in-transit before user data is onboarded.
- WebDAV/CalDAV/CardDAV protocols require client configuration per device type; test with intended clients (macOS Finder, iOS, Thunderbird, etc.) early to avoid user friction.
- Plugin ecosystem extends core functionality but introduces maintenance risk; audit community/third-party plugins for security issues, license compatibility (AGPL obligation), and ongoing support.
When to avoid it — and what to weigh
- Proprietary/Closed-Source Requirement — ownCloud Core is AGPL-3.0 licensed (strong copyleft). Commercial use requires either compliance with AGPL obligations or separate commercial licensing from Kiteworks/ownCloud; unsuitable for projects requiring closed-source derivatives.
- Low DevOps/System Administration Resources — Self-hosted deployment, database management, SSL/TLS configuration, backup/recovery, and monitoring are operator responsibilities. Requires dedicated infrastructure and systems knowledge; unsuitable for teams without sysadmin capacity.
- Rapid Scaling to Millions of Concurrent Users — ownCloud Core is optimized for enterprise/organizational scale, not hyperscale SaaS. Architecture may require significant optimization for distributed deployments serving millions of simultaneous users.
- Uncertain AGPL Compliance Tolerance — AGPL-3.0 imposes source-disclosure obligations if the software is networked. Organizations uncomfortable with copyleft licensing or legal review of proprietary derivative works should avoid or seek explicit licensing from Kiteworks.
License & commercial use
ownCloud Core is licensed under GNU Affero General Public License v3.0 (AGPL-3.0), a strong copyleft license. AGPL requires that if the software is networked or offered as a service, source code must be made available to users. The LICENSE file and COPYING are the authority. The OSPO (Kiteworks) is driving relicensing toward Apache 2.0 but this repository is currently AGPL-3.0. License migration prerequisites include CLA/DCO coverage, dependency audit, and full relicensing of files.
AGPL-3.0 is Category X per Apache policy and imposes network copyleft obligations. Commercial use (including private/closed-source deployments) requires either: (1) strict AGPL compliance including source disclosure, or (2) separate commercial license from Kiteworks/ownCloud. Contact [email protected] or owncloud.com for licensing clarification before commercial deployment. No permissive OSI license; legal review mandatory for proprietary contexts.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Good |
| Assessment confidence | High |
AGPL-3.0 license and open-source model support community security review, but no independent audit, CVE disclosure cadence, or security posture claims are provided in data. Encryption support is mentioned but key management, certificate handling, and TLS version requirements are not detailed. Vulnerability reporting directed to security.owncloud.com and bug bounty via YesWeHack indicates responsible disclosure policy. Deployer bears responsibility for: secure configuration, OS/PHP/database patching, network isolation, and monitoring. No claims of FIPS, SOC 2, or compliance certifications are made. Evaluate threat model (internal vs. internet-facing) and risk tolerance before production deployment.
Alternatives to consider
Nextcloud
Feature-parity self-hosted file sync/share; AGPL-licensed with similar copyleft obligations. Nextcloud has stronger ecosystem momentum and more active third-party app development, but similar deployment complexity and licensing constraints.
Self-hosted alternative with simpler deployment (Go backend) and dual-license model (GPLv2 + commercial). Smaller ecosystem; may suit teams prioritizing operational simplicity over plugin extensibility.
Microsoft SharePoint (On-Premises / Online)
Proprietary enterprise file/collaboration platform with integrated Microsoft ecosystem (Teams, Office 365). Requires Windows/SQL Server; high licensing cost but includes vendor support, compliance certifications, and advanced governance. No AGPL obligations.
Build on core with DEV.co software developers
ownCloud Core is suitable for enterprises prioritizing data sovereignty and federated collaboration. Confirm AGPL licensing compliance, infrastructure capacity, and commercial licensing needs before deployment. Contact Kiteworks OSPO ([email protected]) for commercial use clarification.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
core FAQ
Can we use ownCloud Core commercially without open-sourcing our customizations?
Is ownCloud Core still actively developed, or is it deprecated?
What are the minimum infrastructure requirements for a production deployment?
Does ownCloud Core support SSO/LDAP/Active Directory?
Software developers & web developers for hire
Need help beyond evaluating core? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Evaluate ownCloud Core for Your Organization
ownCloud Core is suitable for enterprises prioritizing data sovereignty and federated collaboration. Confirm AGPL licensing compliance, infrastructure capacity, and commercial licensing needs before deployment. Contact Kiteworks OSPO ([email protected]) for commercial use clarification.