nextcloud: improve documentation on defaults

* It should be made explicit in the eval-error that the CVE only affects a component which is turned off by default. * For more clarity, the default version used by the module is noted in the manual. Closes #108419
author: Maximilian Bosch <maximilian@mbosch.me> 2021-01-05 22:31:06 +0100
committer: Maximilian Bosch <maximilian@mbosch.me> 2021-01-05 22:32:05 +0100
commit: 78f022e79133c514c3da3a220713451722284b54 (patch)
tree: e8a174191ba2de729276793eee7fc7059bf813c5 /pkgs/servers/nextcloud/default.nix
parent: f35bf8ef29d2bd9e4f1a915202de355e126a9ffd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index 8d4b52a01593..a1c38cdbe28d 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -53,7 +53,7 @@ in {
     version = "19.0.6";
     sha256 = "sha256-pqqIayE0OyTailtd2zeYi+G1APjv/YHqyO8jCpq7KJg=";
     extraVulnerabilities = [
-      "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed!"
+      "Nextcloud 19 is still supported, but CVE-2020-8259 & CVE-2020-8152 are unfixed! Please note that both CVEs only affect the file encryption module which is turned off by default. Alternatively, `pkgs.nextcloud20` can be used."
     ];
   };
author	Maximilian Bosch <maximilian@mbosch.me>	2021-01-05 22:31:06 +0100
committer	Maximilian Bosch <maximilian@mbosch.me>	2021-01-05 22:32:05 +0100
commit	78f022e79133c514c3da3a220713451722284b54 (patch)
tree	e8a174191ba2de729276793eee7fc7059bf813c5 /pkgs/servers/nextcloud/default.nix
parent	f35bf8ef29d2bd9e4f1a915202de355e126a9ffd (diff)