Skip to content

Ghostscript/GhostPDL 10.03.1

Compare
Choose a tag to compare
@chris-liddell chris-liddell released this 17 May 11:32
· 1 commit to master since this release

Patch release to address security bugs:
CVE-2024-33869
CVE-2023-52722
CVE-2024-33870
CVE-2024-33871
CVE-2024-29510

Also note: For the 10.04.0 release (fall/autumn 2024) we will be adding protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.

Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.

The exception is "nulldevice", switching to that requires no special action.