Description
openedon Dec 16, 2018
EDIT (SEO): The PHP module "imagick" is not enabled although the theming app is. For favicon generation to work correctly, you need to install and enable this module.
A few days ago it was brought up to my attention that using Imagick could have very negative effects on security. The Nextcloud snap decided to not using it due to that fact, and I've now mitigated the same threat(s) as well by not using it in the Nextcloud VM.
Here are the discussion regarding the decision in the Nextcloud snap, and I think it totally makes sense not to use it in the Nextcloud Server as well.
The situation now though is that it's recomended and the setup checks will inform the user that the package is missing. As Nextcloud is advertising it's secure, then why use a package that is prune to a lot of CVEs in the past?
Regarding alternatives I think this post sums it up quite well.
Please consider removing the recommendation in future versions, and please also consider replacing the use of Imagick with something better and more secure.
EDIT 2: We now install Imaginary as a replacement for this in the Nextcloud VM.