Hi Adam,

thank you very much for your detailed information! Because I’m concerned with software as an end-user only, your explanation gave me really helpful insight and further understanding of the circumstances under which security issues in a program like QGIS may arise.
As far as I understood, my concerns about security risks seem more or less negligible if you work with your own projects mainly. On the other hand, I now see that updating should not cause problems because, in case, there still is the option to switch back to the previously used version. I didn’t know about online vulnerability databases yet. In the future this will also be a helpful resource for me for issues like this!

I really appreciate your help!

Thanks and best wishes
Max

> On 28.02.2024 at 00:37, Adam Nielsen <a.niel...@shikadi.net> wrote:
>
>> As a private and amateur end-user of QGIS I would really like to know
>> if not running the latest version of QGIS is a (serious) security
>> risk for my computer?
>
> Do you open projects and data sources from untrusted people? If so
> then it can be a security risk if you are opening a malicious data
> file. If you trust the files and data sources then the risks are
> minimal, although of course those people could be hacked so there's
> always some unavoidable risk.
>
>> Because of concerns regarding the bug-less performance and
>> compatibility of my old project files (albeit potentially
>> unjustified) and the inconvenience resulting from a missing built-in
>> Update feature of QGIS, I have not installed the latest version of
>> the program yet.
>
> There's no harm in making a copy of your projects, upgrading QGIS, and
> testing them out. If they break and you can't fix it, you can install
> the old version and restore the project from the copy you made.
>
> I've only been using QGIS for a little over a year now, and kept
> regularly up to date. I've never had a problem with upgrades and even
> going backwards in versions. Different versions have different
> features and bug fixes but so far the likelihood of breaking my projects
> seems pretty low. Of course I still keep backups just in case, because
> there are many other things that can go wrong as well (hardware failure,
> ransomware, etc.)
>
>> As I am quite new to Mac computers and (as many people convinced me
>> it is not necessary) I am not using extra anti-virus software, I have
>> serious concerns if an older version of QGIS could be a security risk
>> for my computer.
>
> When security problems are discovered in popular programs like QGIS,
> they are typically recorded in an online vulnerability database. You
> can search this for your favourite programs to see how many
> vulnerabilities there are and how old they are, then do your own
> research to find out what version they were fixed in. The search for
> QGIS shows no security issues found so far:
>
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=qgis
>
> It doesn't mean there aren't any security flaws, just that nobody has
> found any yet.
>
> Often security issues will be in an obscure part of a program that you
> are unlikely to use, so even if there are issues, they may not affect
> you anyway. You'll have to read the details listed on the issue to find
> that out.
>
> Cheers,
> Adam.

_______________________________________________
QGIS-User mailing list
QGIS-User@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user