diff --git a/nextcloud-14.0.3.tar.bz2 b/nextcloud-14.0.3.tar.bz2
deleted file mode 100644
index 46a22de..0000000
--- a/nextcloud-14.0.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d7d0271238396ef53ed3806b8f5a3746170d4ebcaa030ad39735e886e7aed3ef
-size 49713609
diff --git a/nextcloud-14.0.4.tar.bz2 b/nextcloud-14.0.4.tar.bz2
new file mode 100644
index 0000000..489c228
--- /dev/null
+++ b/nextcloud-14.0.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f5dd15a71694bd2f15fba0d2f942e5a5b1f5aba13511c507a23324d746b40e8
+size 49827498
diff --git a/nextcloud.changes b/nextcloud.changes
index 060d581..9f06a5f 100644
--- a/nextcloud.changes
+++ b/nextcloud.changes
@@ -1,3 +1,97 @@
+-------------------------------------------------------------------
+Thu Nov 22 16:56:26 UTC 2018 - ecsos@opensuse.org
+
+- update to 14.0.4
+  - Allow overwrite.cli.url without trailing slash (server#11772)
+  - Remove duplicate call to decodeURIComponent (server#11781)
+  - Check for empty string (server#11783)
+  - Add "Referrer-Policy" to htaccess file, addresses issue #11099
+    (server#11798)
+  - Always query the lookup server in a global scale setup 
+    (server#11800)
+  - Fix a case where "password_by_talk" was not a boolean
+    (server#11851)
+  - Add .l10nignore files for compiled assets (server#11925)
+  - Properly escape column name in "createFunction" call 
+    (server#11929)
+  - Allow userId to be null (server#11939)
+  - Allow "same-origin" as "Referrer-Policy" (Backport to stable14)
+    (server#11950)
+  - Do not emit preHooks twice on non-part-storage (server#11961)
+  - Filter null values for UserManager::getByEmail (server#11976)
+  - Allow local delivery of schedule message while prohibiting 
+    FreeBusy requests (server#11979)
+  - Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.js 
+    (server#11990)
+  - Lazy open first source stream in assemblystream (server#11994)
+  - Fix opening a section again in the Files app (server#11995)
+  - Remove cookies from Clear-Site-Data Header (server#12005)
+  - Forwarded ExpiredTokenException (server#12032)
+  - Allow chunked uploads even if your quota is not sufficient
+    (server#12040)
+  - Improve encrypt all / decrypt all (server#12045)
+  - Double check for failed cache with a shared storage 
+    (server#12108)
+  - Implement the size of an assembly stream (server#12111)
+  - Bring the browser window of an actor to the foreground when 
+    acting as him (server#12120)
+  - Move acceptance tests that crash the PHP built-in server to
+    Apache (server#12121)
+  - Remove unneeded empty search attribute values, fixes #12086 
+    (server#12122)
+  - Fixes wrong variable usage (server#12137)
+  - LDAP: announce display name changes so that addressbook picks 
+    it up (server#12141)
+  - Bruteforce protection handling in combination with 
+    (server#12160)
+  - Add global site selector as user back-end which doesn't support 
+    password confirmation (server#12184)
+  - Do not set indeterminate state for file shares (server#12187)
+  - Revert "Wait for cron to finish before running upgrade command" 
+    (server#12197)
+  - Fix bug #12151: fix list formatting by correcting malformed
+    html (server#12202)
+  - A folder should get a folder mimetype (server#12297)
+  - Use the proper server for the apptoken flow login
+    (server#12299)
+  - Do not log FileLock as exception (server#12300)
+  - Set the filemodel before rending the detailsview (server#12301)
+  - Disabled ldap fix (server#12331)
+  - Fix - Add to favorites not working in IE11 (server#12339)
+  - Remove arrow function for ie compatibility (server#12341)
+  - Fix default types of activity event member variables
+    (server#12353)
+  - Suppress wrong audit log messages about failed login attempts 
+    (server#12372)
+  - Add fix for IE11 flexbox height bug (server#12374)
+  - Properly search the root of a shared external storage 
+    (server#12375)
+  - Fix app update available check (server#12412)
+  - Use nextcloud-password-confirmation (server#12416)
+  - Fix IE rule for min width (server#12431)
+  - Added cache override to ensure an always up-to-date 
+    accessibility css (server#12432)
+  - Unique contraint and deadlock fixes for filecache and 
+    file_locks (server#12433)
+  - Fix app menu calculation for random size of the right header 
+    (server#12440)
+  - Fix missing quickaccess favorite folder on add (server#12441)
+  - Fixes dav share issue with owner (server#12459)
+  - Fix wrong share popover opening on share link (server#12482)
+  - Only use width and opacity for transition (server#12492)
+  - Forward object not found error in swift as dav 404 
+    (server#12502)
+  - Fix the warning appearing in the admin section when
+    mail_smtpmode is not configured (server#12529)
+  - Remove unused svg api route (server#12542)
+  - Bearer tokens are app token (server#12545)
+  - Handle permission in update of share better (server#12561)
+  - Correctly restrict affected users when using command to send 
+    emails (activity#312)
+  - Improve code blocks in markdown rendering (files_texteditor#121)
+  - Properly escape column name in "createFunction" call 
+    (survey_client#85)
+
 -------------------------------------------------------------------
 Fri Oct 12 16:35:32 UTC 2018 - ecsos@opensuse.org
 
diff --git a/nextcloud.spec b/nextcloud.spec
index 5094772..3e1325d 100644
--- a/nextcloud.spec
+++ b/nextcloud.spec
@@ -49,7 +49,7 @@
 %endif
 
 Name:           nextcloud
-Version:        14.0.3
+Version:        14.0.4
 Release:        0
 Summary:        File hosting service
 License:        AGPL-3.0-only