From 78f022e79133c514c3da3a220713451722284b54 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Tue, 5 Jan 2021 22:31:06 +0100
Subject: nextcloud: improve documentation on defaults

* It should be made explicit in the eval-error that the CVE only affects
  a component which is turned off by default.
* For more clarity, the default version used by the module is noted in
  the manual.

Closes #108419
---
 pkgs/servers/nextcloud/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'pkgs/servers/nextcloud')

diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index 8d4b52a015932..a1c38cdbe28d7 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -53,7 +53,7 @@ in {
     version = "19.0.6";
     sha256 = "sha256-pqqIayE0OyTailtd2zeYi+G1APjv/YHqyO8jCpq7KJg=";
     extraVulnerabilities = [
-      "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed!"
+      "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed! Please note that both CVEs only affect the file encryption module which is turned off by default. Alternatively, `pkgs.nextcloud20` can be used."
     ];
   };
 
-- 
cgit 1.4.1