diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2021-01-05 22:31:06 +0100 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2021-01-05 22:32:05 +0100 |
commit | 78f022e79133c514c3da3a220713451722284b54 (patch) | |
tree | e8a174191ba2de729276793eee7fc7059bf813c5 | |
parent | f35bf8ef29d2bd9e4f1a915202de355e126a9ffd (diff) |
nextcloud: improve documentation on defaults
* It should be made explicit in the eval-error that the CVE only affects a component which is turned off by default. * For more clarity, the default version used by the module is noted in the manual. Closes #108419
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.xml | 6 | ||||
-rw-r--r-- | pkgs/servers/nextcloud/default.nix | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 02e4dba286108..f71c8df6c6d48 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -10,6 +10,10 @@ <link linkend="opt-services.nextcloud.enable">services.nextcloud</link>. A desktop client is packaged at <literal>pkgs.nextcloud-client</literal>. </para> + <para> + The current default by NixOS is <package>nextcloud20</package> which is also the latest + major version available. + </para> <section xml:id="module-services-nextcloud-basic-usage"> <title>Basic usage</title> @@ -210,7 +214,7 @@ nextcloud17 = generic { version = "17.0.x"; sha256 = "0000000000000000000000000000000000000000000000000000"; - insecure = true; + eol = true; }; }</programlisting> </para> diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix index 8d4b52a015932..a1c38cdbe28d7 100644 --- a/pkgs/servers/nextcloud/default.nix +++ b/pkgs/servers/nextcloud/default.nix @@ -53,7 +53,7 @@ in { version = "19.0.6"; sha256 = "sha256-pqqIayE0OyTailtd2zeYi+G1APjv/YHqyO8jCpq7KJg="; extraVulnerabilities = [ - "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed!" + "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed! Please note that both CVEs only affect the file encryption module which is turned off by default. Alternatively, `pkgs.nextcloud20` can be used." ]; }; |