emacs-orgmode
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ANN] Emergency bugfix release: Org mode 9.7.5


From: Ihor Radchenko
Subject: [ANN] Emergency bugfix release: Org mode 9.7.5
Date: Sat, 22 Jun 2024 16:10:35 +0000

Dear all,

I just released Org mode 9.7.5 that fixes a critical vulnerability.
The release is coordinated with emergency Emacs 29.4 release.

Please upgrade your Org mode *and* Emacs ASAP.

The vulnerability involves arbitrary Shell code evaluation when
previewing attachments in Emacs MUA (gnus-based: at least, mu4e,
Notmuch, Gnus itself) or when opening third-party Org files. All the
earlier versions of Org mode are affected.

Note that the vulnerability solved in this release has nothing to do
with recent Org 9.6.23 release
(https://list.orgmode.org/871q7zbldp.fsf@localhost/). It existed since
long time ago and was discovered by accident.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]