Dear all, I just released Org mode 9.7.5 that fixes a critical vulnerability. The release is coordinated with emergency Emacs 29.4 release.
Please upgrade your Org mode *and* Emacs ASAP. The vulnerability involves arbitrary Shell code evaluation when previewing attachments in Emacs MUA (gnus-based: at least, mu4e, Notmuch, Gnus itself) or when opening third-party Org files. All the earlier versions of Org mode are affected. Note that the vulnerability solved in this release has nothing to do with recent Org 9.6.23 release (https://list.orgmode.org/871q7zbldp.fsf@localhost/). It existed since long time ago and was discovered by accident. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
