nextcloud: improve documentation on defaults

* It should be made explicit in the eval-error that the CVE only affects
  a component which is turned off by default.
* For more clarity, the default version used by the module is noted in
  the manual.

Closes #108419
This commit is contained in:
Maximilian Bosch 2021-01-05 22:31:06 +01:00
parent f35bf8ef29
commit 78f022e791
No known key found for this signature in database
GPG Key ID: 091DBF4D1FC46B8E
2 changed files with 6 additions and 2 deletions

View File

@ -10,6 +10,10 @@
<link linkend="opt-services.nextcloud.enable">services.nextcloud</link>. A
desktop client is packaged at <literal>pkgs.nextcloud-client</literal>.
</para>
<para>
The current default by NixOS is <package>nextcloud20</package> which is also the latest
major version available.
</para>
<section xml:id="module-services-nextcloud-basic-usage">
<title>Basic usage</title>
@ -210,7 +214,7 @@
nextcloud17 = generic {
version = "17.0.x";
sha256 = "0000000000000000000000000000000000000000000000000000";
insecure = true;
eol = true;
};
}</programlisting>
</para>

View File

@ -53,7 +53,7 @@ in {
version = "19.0.6";
sha256 = "sha256-pqqIayE0OyTailtd2zeYi+G1APjv/YHqyO8jCpq7KJg=";
extraVulnerabilities = [
"Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed!"
"Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed! Please note that both CVEs only affect the file encryption module which is turned off by default. Alternatively, `pkgs.nextcloud20` can be used."
];
};