At the time of writing this, NextCloud has patched the authentication bypass vulnerability, while OwnCloud has chosen not to.