Contacts 4.5.59 May 2026
Eventually, you may need to move your data. Here is the most reliable migration path.
All are slated for fix in version 4.5.60 or 4.6.0. contacts 4.5.59
| Area | Status | Remarks |
|------|--------|---------|
| XSS (reflected) | Mitigated | Output encoding applied to all contact fields |
| CSRF | Not applicable | Relies on Nextcloud’s request token |
| SQL injection | Not applicable | No direct DB queries; uses DAV abstraction |
| File upload (photo) | Safe | MIME validation + resize on server |
| vCard parsing | Robust | Uses sabre/vobject 4.x, fuzzed regularly | Eventually, you may need to move your data
No known exploits exist for version 4.5.59 as of report date. | Area | Status | Remarks | |------|--------|---------|
Contacts 4.5.59 delivers targeted improvements to contact syncing, duplicate management, and UI responsiveness. This release focuses on enhancing reliability for users with large address books (5,000+ contacts) and improving integration with third-party messaging apps.
Symptoms: The “Find Duplicates” function pegs one CPU core at 100% for hours when handling over 10,000 contacts.
Root Cause: A known O(n²) algorithm in version 4.5.59 for pairwise comparison, which is inefficient for large address books.
Fix: Export your contacts to CSV, deduplicate using a modern tool (like dupeGuru or a Python script with pandas), then re-import. Do not use the built-in deduplicator.