I've been following this situation closely and advising users about the workaround for *CVE-2019-9848*. *Problem:* The Document Foundation has stated that the patch for CVE-2019-9848 was not entirely effective. I can provide documentation. A further patch was supposed to be applied in version 6.3.4 this week. And yet there is no record in the release notes of that patch. Instead, there is an incorrect listing that CVE-2019-9848 was patched in v6.2.5.2, which has been published to not be the case. https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/ <https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/> This situation is thoroughly confusing users. I'm continuing to advise users to apply the workaround for CVE-2019-9848. Please sort this out ASAP. Thank you. Derek Currie -- Sent from: http://document-foundation-mail-archive.969070.n3.nabble.com/Discuss-f1621725.html -- To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy