Lists follow. The only app I remember intentionally installing (not including the base set) is ādeckā. The webserverās Apache 2.4.63, PHP is 8.2.28, Iām using PHP-FPM.
In terms of timing, these files appeared while I was running Nextcloud 31.0.4; I noticed them when I upgraded to 31.0.5.
Just had the same issue on FreeBSD (nginx+php-fpm), was made aware by the nextcloud updater from 31.0.4 ā 31.0.5
This made me an headache as I assumed, this might have been some artifact of an (hopefully unsuccessful) attack. Considering the attack surface of inkscape, my theory was, that an attacker tried to use inkscape for further actions⦠Good, that I had no inkscape installed in my nextcloud-jail.
Unfortunately, I canāt tell in which version the files started to appear. I do know that they appear as soon as I load any page. The file is always created when I refresh the page using F5. I believe this is related to the svg image type.
This does further suggest to me that this is somehow associated with ImageMagick. My understanding is that some versions / configurations of ImageMagick try to utilize Inkscape for SVG files.
ImageMagick is used by PHPās Imagick.
Nextcloud utilizes PHP Imagick (if installed), but does not call Inkscape in any way directly.
Beyond that I donāt know why youād be seeing these files, let alone seeing them in the root installation folder of Nextcloud.
My research suggests that ImageMagickās temporary/work files are generally always called magick-[random_string]. So the naming scheme doesnāt seem to match that, but perhaps there are some ways of modifying that and/or scenarios where a different scheme is used.
As for these ending up in the installation folder, perhaps a non-default default temp directory configured somewhere?
Keep in mind that for the most part the prior to bits arenāt under the control of Nextcloud itself. Also, this doesnāt seem to be a universal problem. So identifying the culprit is starting to sound like looking at the broader environment your Nextcloud instance is running in.
So some ideas:
Check temporary directory related settings of the host, container, web server, PHP, etc
Check the specific versions (+package sources since compile time options could be a factor) of ImageMagick installed (and maybe compare against others experiencing the same behavior)
Who knows whatās happening when clicking on the install button for Nextcloud on an Asustor NAS.
I can only say that much: I would never ever install āappsā like Nextcloud through a propertary App Store of commercial NAS, unless maybe itās documented in detail what happens when clicking on that install button.
A better option would probably be to spin upo a VM, and then use one of the officially supported installation methods:
I see these files in my installation directory too. I grepāed āinkscapeā and got a result in [nextcloud-dir]/apps/maps/css/images.
maps_black.svg, marker-icon-bg.svg and marker-icon.svg contain a lot of references to inkscape.
The files appear, when I login in Firefox and nextcloud presents the dashboard. Every time I try this, new files appear.
I run NC 31.0.6 fully updated on an ASUSTOR AS6704T and it is a manual installed version.