Might just be the media I was using, but every caption language loaded on screen and couldn’t be turned off after the update lol it was quite the book on screen

Specific to windows then?

Edit: sorry, apparently not specific lol the CVE is specific to windows

My approach was to set it all up internally, create a wireguard VPN accesspoint and only open that up. That way I don’t have as much to worry as much within the network (still use generated passwords for things) and able to access it anywhere.

Granted, you asked about opening up to the www. I’d suggest buying a domain through cloudfront, setting up an nginx instance that proxies traffic (think nextcloud.mydomain.com), and have it only accept connections from cloudfront servers.

That allows you SSL termination, pretty good bot coverage, and a nice domain name to share as needed.