NC 21 php-imagick SVG and security concerns

After upgrading to NC21, a warning is made to enable SVG support on php-imagick.

But on the doc, I also read that SVG support is disabled by default for security concerns, and is unsupported!
Previews configuration — Nextcloud latest Administration Manual latest documentation

This is for the thumbnails previews, but I imagine this is also right for the whole NC instance. So, is it really a good option to activate this support? And if yes, for what purpose?

Best regards

1 Like

Imagick is entirely unnecessary and is, ITSELF, the security concern. Not PDF or SVG. I think what you’re seeing is that thumbnails DO NOT use SVG, possibly UNLESS you have imagick with svg enabled.

If you uninstall imagick entirely, thumbnails will still work just fine.

It’s an unfortunate oversight to have a permanent warning about a missing library that was intentionally removed.

There is a long discussion about whether to keep using Imagick or not: Don't use Imagick in server, and don't recommend it · Issue #13099 · nextcloud/server · GitHub

Please contribute, as I think not doing anything about it for years keeps causing confusion like yours and requires appliance developers like me to explain again and again to our users why they see and should ignore that warning. Btw disabling the theming app mutes the warning, in case you use the default theme or dark theme from accessibility app.

1 Like