Does using imagick for theming poses a security risk


I followed the documention for theming (using the theming app) and installed imagick.
In my dockerfile:

RUN apt-get update && apt-get install -y
RUN pecl install imagick
RUN docker-php-ext-enable imagick

That works fine and I get cool favicons. However, I read that thumbnail generation in nextcloud is dangerous with that provider. Did it get enabled? I don’t see thumbnails for my svg in my files, so I suspect it is ok, but I want to make sure!



After some more searching through the docs the answer is no, there is no (significant) additional security risk.
The imagick lib is only used for the logo (which we provide so that’s ok).
To enable preview generation we would have to add an entry in enabledPreviewProviders of config.php. Which is not required for the theming to work.