Richard Kimberly Heck wrote:
> Are available for testing at http://ftp.lyx.org/pub/lyx/devel/lyx-2.3/.
> I suppose we should wait to prepare binaries until we have some feedback.

Before we announce, we might consider issuing a new warning as part of the release.
Or even as a separate entry.

After the recent discovery of Ghostscript vulnerabilities distributions seem to 
actually follow suggestion of the security researcher who announced them
and broadly ban any conversions from ps/eps/pdf/xps in imagemagick no matter
the consequences. I don't need to stress on this list what it means for
LyX -- just from today's update of my distro I'm not able to view most
of my documents by default...

Unfortunately there is very little we can do directly for 2.3.1.
We should at least signal in the announcement for distro maintainers that this
*is* an issue and perhaps add some hint how to allow users to locally enable things
in policy.xml so they can continue their work.

In the longer term -- if this ban continues -- we might try to ask Qt to do the
conversions instead of imagemagick, but that is definitely not for 2.3.1.

Other ideas?

Pavel

https://www.bleepingcomputer.com/news/security/no-patch-available-yet-for-new-major-vulnerability-in-ghostscript-interpreter/
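
An added example, not part of the message above or of LyX: a check that reports which of the formats named in the message are denied read access by `coder` entries in an ImageMagick policy.xml. The sample policy is constructed, the function names are hypothetical, and the check is conservative: it lists every entry that denies read and does not model how ImageMagick resolves overlapping entries.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Formats named in the message above.
FORMATS = ("PS", "EPS", "PDF", "XPS")

# Constructed sample in the policy.xml format; not copied from any distribution.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="none" pattern="{EPS,PDF}"/>
  <policy domain="coder" rights="read|write" pattern="PNG"/>
</policymap>"""


def expand(pattern):
    """Expand one {A,B} brace group into separate glob patterns."""
    start, end = pattern.find("{"), pattern.find("}")
    if start == -1 or end < start:
        return [pattern]
    head, tail = pattern[:start], pattern[end + 1:]
    return [head + alt + tail for alt in pattern[start + 1:end].split(",")]


def read_denied(policy_xml, formats=FORMATS):
    """Return {format: [patterns]} for coder entries that do not grant read."""
    denied = {}
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("domain", "").lower() != "coder":
            continue
        rights = {r.strip().lower() for r in policy.get("rights", "").split("|")}
        if "read" in rights:
            continue
        pattern = policy.get("pattern", "")
        for fmt in formats:
            if any(fnmatch.fnmatchcase(fmt, g.upper()) for g in expand(pattern)):
                denied.setdefault(fmt, []).append(pattern)
    return denied


if __name__ == "__main__":
    result = read_denied(SAMPLE_POLICY)
    for fmt in FORMATS:
        hits = result.get(fmt)
        print(f"{fmt}: " + (f"read denied by {hits}" if hits else "no denying entry"))
```
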
