_Nemo_

unless you rip the movie out into a single file first

I don’t see the problem with that. It’s what I’ve done with every single disk I own. Why would I bother with badly-written menus, pointless extra content and tons of ads and copyright warnings I need to sit through before I can watch what I paid for?

You guys patched the annoying “crash-on-start” bug! 😍 I was collecting diagnostics to help nail it down, but you guys were faster. Keep up the great work! 👍👍👍

Thanks for your detailed reply!

To make that happen, the attacker must […] already have access to the server to upload and process the file, which means that security has already failed.

Do I correctly assume that by axis you mean shell or even root level access? If not, any of my regular users (turned rogue…) could upload a poisoned raw file which nextcloud would process to, for instance, generate a thumbnail.