In prep for 4.1.10 (and our 1st release candidate), we're using
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.10
for tracking.
-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional co
Thank you Dave for all your work and co-ordination with security, the
reporter, and communications.
Best regards,
Carl
On 4/15/21 4:06 PM, Dave Fisher wrote:
Hi -
Here is some background on the issue which has apparently existed since about
OpenOffice.org 2.0 in 2005 or so.
See https://bz.a
Thans Dave, for your letter.
ilgarexampl...@gmail.com
пт, 16 Апр 2021, 3:57 Dave Fisher :
> Severity: moderate
>
> Description:
>
> The project received a report that all versions of Apache OpenOffice
> through 4.1.8 can open non-http(s) hyperlinks. The problem has existed
> since about 2006 and
Hi -
Here is some background on the issue which has apparently existed since about
OpenOffice.org 2.0 in 2005 or so.
See https://bz.apache.org/ooo/show_bug.cgi?id=49802
Some confusion existed between types of hyperlinks and rather than filtering
they were all allowed to proceed.
Arrigo restor
Hi -
We are working on releasing 4.1.10 soon do to this security report [1] which
was announced today.
I’d like to credit Arrigo Marchiori and Carl Marcum for development. Ariel
Constenla-Haile and Peter Kovacs for our indispensible OpenGrok setup. Matthias
Seidel, Marcus Lange, Jim Jagielski,
Severity: moderate
Description:
The project received a report that all versions of Apache OpenOffice through
4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006
and the issue is also in 4.1.9. If the link is specifically crafted this could
lead to untrusted code exe
