Ghostscript/GhostPDL 10.03.1
Patch release to address security bugs:
CVE-2024-33869
CVE-2023-52722
CVE-2024-33870
CVE-2024-33871
CVE-2024-29510
Also note: For the 10.04.0 release (fall/autumn 2024) we will be adding protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.