https://bugs.documentfoundation.org/show_bug.cgi?id=128498

--- Comment #15 from Stephan Bergmann <sberg...@redhat.com> ---
(In reply to vatairethibault from comment #14)
> Ok, I understand now how link update works:
> Global settings take precedence over document settings (so LibreOffice
> always ignores the "LinkUpdateMode" document setting), and when "Always" is
> selected in global settings, links are only updated if the document is in a
> trusted file location (see Security > Macros security > Trusted sources >
> Trusted file locations).

The relevant commit
<https://git.libreoffice.org/core/+/59f9a0de39e4356220705bb6c4be66c956dc9c6d%5E%21>
"LinkUpdateMode is a global setting" was a mitigation for
<https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/>
"CVE-2015-4551 Arbitrary file disclosure in Calc and Writer".  From my
private/security notes from back then:

"I have available a fix for LibreOffice that treats a document's 'always
update links' setting as if it rather were 'ask to update links' in Calc
and Writer unless

"(1) 'Tools - Options... - LibreOffice - Security - Macro Security... -
Security Level - Low (not recommended)' is selected; or

"(2) the document matches any of the 'Tools - Options... - LibreOffice -
Security - Macro Security... - Trusted Sources - Trusted File Locations.'

"That is probably a good compromise to make the new behavior actually
kick in for users, but without hampering considered-to-be-secure
scenarios with additional dialogs."

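The rule in the notes quoted above, modelled as an added sketch that is neither LibreOffice code nor part of the original comment. The enum names, the function names, the use of plain POSIX paths for trusted locations, and the component-wise matching are all assumptions made for illustration.

```python
import posixpath
from enum import Enum


class LinkUpdate(Enum):
    NEVER = "never"
    ASK = "ask"
    ALWAYS = "always"


class MacroSecurity(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"
    VERY_HIGH = "very high"


def in_trusted_location(doc_path, trusted_dirs):
    """True if doc_path lies below one of trusted_dirs (assumed matching rule)."""
    if not posixpath.isabs(doc_path):
        return False
    doc = posixpath.normpath(doc_path)  # collapses "..", so /t/../x is not under /t
    for entry in trusted_dirs:
        if not posixpath.isabs(entry):
            continue
        root = posixpath.normpath(entry)
        # Compare whole path components: /srv/trusted must not match /srv/trusted-old.
        if doc != root and posixpath.commonpath([doc, root]) == root:
            return True
    return False


def effective_link_update(doc_mode, macro_security, doc_path, trusted_dirs):
    """Mode applied on load: the document's 'always' is honoured only in two cases."""
    if doc_mode is not LinkUpdate.ALWAYS:
        return doc_mode  # assumption: the notes only describe the 'always' case
    if macro_security is MacroSecurity.LOW:  # exception (1) in the notes
        return LinkUpdate.ALWAYS
    if in_trusted_location(doc_path, trusted_dirs):  # exception (2) in the notes
        return LinkUpdate.ALWAYS
    return LinkUpdate.ASK  # otherwise treated as 'ask to update links'
```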