nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Replace Imagick with something better #13099

Closed enoch85 closed 2 years ago

enoch85 commented 5 years ago

EDIT (SEO): The PHP module "imagick" is not enabled although the theming app is. For favicon generation to work correctly, you need to install and enable this module.

A few days ago it was brought to my attention that using Imagick could have very negative effects on security. The Nextcloud snap decided not to use it due to that fact, and I've now mitigated the same threat(s) as well by not using it in the Nextcloud VM.

Here is the discussion regarding the decision in the Nextcloud snap, and I think it totally makes sense not to use it in the Nextcloud Server as well.

The situation now though is that it's recommended and the setup checks will inform the user that the package is missing. As Nextcloud is advertising that it's secure, then why use a package that has been prone to a lot of CVEs in the past?

Regarding alternatives I think this post sums it up quite well.

Please consider removing the recommendation in future versions, and please also consider replacing the use of Imagick with something better and more secure.

EDIT 2: We now install Imaginary as a replacement for this in the Nextcloud VM.
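Where an admin keeps the imagick PHP module installed for the theming/favicon setup check, the usual hardening is ImageMagick's own `policy.xml`, which can disable individual coders (MVG, PS, EPHEMERAL and similar) outright. The script below is an added example, not Nextcloud's or ImageMagick's code: it parses a policy file and reports which coders are disabled. The sample policy is constructed inline so the script runs offline; on a real host you would point `disabled_coders` at the actual file, whose location is distribution-specific (for example `/etc/ImageMagick-6/policy.xml`, an assumed path).

```shell
#!/bin/sh
# Constructed sample policy.xml for demonstration; it is NOT copied from
# any real installation. Note the commented-out PDF line, which must be
# ignored because ImageMagick does not honour it.
SAMPLE_POLICY='<?xml version="1.0" encoding="UTF-8"?>
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
  <policy domain="coder" rights="read|write" pattern="PNG" />
</policymap>'

# Print, one per line, the coder patterns whose rights are "none" in the
# policy file given as $1. Assumes each <policy .../> element sits on a
# single line and that commented-out examples carry "<!--" on that line,
# which is how the stock Debian/Ubuntu policy files are laid out.
disabled_coders() {
    grep -v '<!--' "$1" \
      | grep 'domain="coder"' \
      | grep 'rights="none"' \
      | sed -n 's/.*pattern="\([^"]*\)".*/\1/p'
}

# Exit 0 if coder $1 is disabled in policy file $2, 1 otherwise.
coder_blocked() {
    disabled_coders "$2" | grep -qx "$1"
}

# Write the constructed sample to a temp file and report on a few coders
# that have historically been the risky ones to leave enabled.
demo() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_POLICY" > "$f"
    for c in MVG PS EPHEMERAL PDF PNG; do
        if coder_blocked "$c" "$f"; then
            echo "$c: disabled"
        else
            echo "$c: ALLOWED"
        fi
    done
    rm -f "$f"
}

demo
```

Running it against the sample prints `disabled` for MVG, PS and EPHEMERAL and `ALLOWED` for PDF and PNG; the PDF line is skipped because it is commented out, which is exactly the kind of mistake (an example left in a comment instead of being activated) that this check is meant to surface.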

tianon commented 3 years ago

My experience with it was in the context of Ghost via "sharp" requiring too new of a libvips (Debian Buster has 8.7 and they required 8.9+) which caused a host of issues for getting it successfully installed, so I'd suggest surveying what version of libvips is available in the expected target environments and ensuring the lowest common denominator meets the needs of the project before committing (but that's just my 2c; no real stake here :innocent:).

enoch85 commented 3 years ago

I still think this is an ongoing discussion though.

Mainly this issue exists due to the security concerns, and whatever replaces Imagick needs to be better OR not produce a warning.

PVince81 commented 3 years ago

also note: some research done with an external preview generator: https://github.com/nextcloud/server/pull/24166 (note: I don't have time right now to continue this, feel free to take over)

adripo commented 2 years ago

While someone continues developing this feature, what do you think if we proceed by marking the warning as INFO in the Administration Overview, as suggested by @kerberizer in nextcloud/docker/1414#issuecomment-945842317?

solracsf commented 2 years ago

Closing as per https://github.com/nextcloud/server/pull/24166

Fuseteam commented 2 years ago

oh man, that's awesome