[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LilyPond disabled on Wikimedia

From: Étienne Beaulé
Subject: Re: LilyPond disabled on Wikimedia
Date: Thu, 15 Oct 2020 19:46:55 -0400

Hello, I’m the maintainer of the Score extension.

There is also 
<> which affects LilyPond 
through PostScript code injection. We’ve also done a security audit. I’ve CC’d 
Tim Starling who performed the audit to this thread, and he’s be in a better 
position to responsibly disclose problems.

We hope to get LilyPond back on the Wikis, and that vulnerabilities get fixed 
well for a safer LilyPond!


> Le 15 oct. 2020 à 19:05, Carl Sorensen <> a écrit :
> Unfortunately, there's not enough information on that thread to understand 
> what the issues are.
> I know that in the past there have been significant security concerns which 
> had a core concern related to Guile programming, since Guile is a 
> turing-complete language.
> I don't know how we can contribute until we are made aware of the challenges 
> here.
> Carl
> On 10/15/20, 4:14 PM, "lilypond-devel on behalf of Daniel Benjamin Miller" 
> < on behalf of 
>> wrote:
> Not of direct relevance to us as end users, but can someone shed light 
> on this and/or resolve the concern of the Wikimedia people? In the 
> meantime Lilypond support has been disabled on Wikipedia. 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]