Serious vulnerability found in webservice function:

github.com/jollheef/libreoffic

impact is that every file to which the user has read access can be silently disclosed to a webserver.

is asking all users today to upgrade to the latest version of for "for improved robustness and security":

blog.documentfoundation.org/bl

I haven't found this issue in the list of fixed bugs yet. Will test tomorrow if this has been fixed.

I could validate today that the vulnerability in function 'webservice' has been fixed in version 5.4.5
YOU SHOULD UPGRADE ASAP!

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!