Suhail Singh writes:
> Steven Allen writes:
>
>> The concern is that, e.g., there may b a function _marked_ as pure
>> that's not actually pure, leaks some information, and/or has a
>> security vulnerability (e.g., a C function exposed to lisp that's
>>
Suhail Singh writes:
> Steven Allen writes:
>
>> 1. While this feature no longer invokes completely arbitrary code, it
>> still allows an attacker to call any function marked as "pure" which
>> is a pretty large attack surface.
>
> I am struggling to a
Suhail Singh writes:
> Ihor Radchenko writes:
>
>> If you are actively using #+LINK: keywords with %(...) placeholders or
>> have any objections to this feature removal, please let us know.
>
> I do not actively use this feature, however, removing it seems
> excessive. IIUC, it's a useful feat
Ihor Radchenko writes:
> Ihor Radchenko writes:
>
>> I just released Org mode 9.7.5 that fixes a critical vulnerability.
>> The release is coordinated with emergency Emacs 29.4 release.
>
> This one is another potential issue (or a feature) we have found while
> discussing the main vulnerability
Greg Troxel writes:
> (Thanks for fixing and your efforts on org. I've been an org user since
> at least July of 2010.)
>
> Just to be clear, is this the commit that needs applying to emacs
> sources, 29.3, 28.x, and so on?
Yes, that's the correct commit.
> It seems so, but I would rather not
p 17 00:00:00 2001
From: Steven Allen
Date: Thu, 1 Jun 2023 11:49:19 -0700
Subject: [PATCH] org.el: inline display of attached images in link
descriptions
* lisp/org.el (org-display-inline-images): inline display of attached
images in link descriptions.
Previously, `org-display-inline-images&#x
* lisp/org.el (org-display-inline-images): inline display of attached
images in link descriptions.
Previously, `org-display-inline-images' only inlined images in link
descriptions when they were explicit "file:" links. This change adds
support for "attachment:" links. E.g.:
[[https://orgmode.
