And there are also many invisible tasks to be dealt with, such as moving to a new cloud server, a new homepage, looking for financing our expenses, to name just a few.Ībout 4800 commits have been made since the last stable version 2.1.3. In addition, there were many problems in our parallel project libdxfrw, which we also take care of. We no longer have the resources to maintain a stable and a development branch side by side. But the main cause, however, is the loss of manpower in recent years. Already announced several times, new obstacles kept appearing. It took far too long to present this new stable LibreCAD version. But this is a worst case scenario, which I would rate as extremely low to occur.With some efforts an attacker possibly can create a shape file, which can lead to unintended code execution and seize your computer.The vulnerability is an out-of-bounds read, what means, if a malformed shape file is imported, the application can crash.If you are a surveyor and need the shape file support, it is safe to stay with 2.2.0 version, as long as you know the origin of the used shape files.As this is probably not a widely used plugin, the fix was just to remove the plugin.Shape files are used in surveying and so do not affect the most users.The vulnerability addresses only the plugin Importshp, which is used to import shape files (SHP/SHX/DBF).It fixes a minor vulnerability (CVE-2023-30259) with a mature shapelib contained in our codebase.A regression, finding nearest points on ellipses caused a crash.An undetected vulnerability, opening malformed LFF font files caused a crash.This is a bugfix release for official stable release 2.2.0. Meanwhile, for LibreCAD 2.2.0 series, Qt5 is mandatory. The Qt4 porting was completed eventually during the development of 2.0.0 series, thanks to our master developer Rallaz, and LibreCAD has become Qt3 free except in the 1.0.0 series. Porting the rendering engine to Qt4 proved to be a large task, so LibreCAD initially still depended on the Qt3 support library.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |