Thanks for the reply. Yes I’ve seen this thread. I’d particularly taken note of the comment about using a deprecated php-mcrypt in relation to security! The writing seems to have been on the wall about problems with mycrypt for a long time (given absence of maintenance). The position seems to be “nothing to worry about”. In this case could the docs be updated so users can run an install with php7.2 (not 7.0 - as I’ve done to stick with the guidance)? The messages I’m getting are not consistent (e.g., from you – thanks! – and others (i.e., ‘go ahead this depedency is not going to affect unless using SAML’) - and - NC (who on the web install are pushing php7.0. Users (in the thread you sent or another) are avoiding installs because of this issue.
Sorry to bang on but security around NC makes me nervous!