HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mksaunders2

no profile record

Submissions

Because of security vulnerabilities: LibreOffice advises against OpenOffice

heise.de
9 points·by mksaunders2·작년·0 comments

OpenOffice still being recommended despite year-old unfixed security issues

fosstodon.org
12 points·by mksaunders2·작년·4 comments

OpenOffice security issues unfixed in over 365 days, security status Amber

whimsy.apache.org
8 points·by mksaunders2·2년 전·3 comments

comments

mksaunders2
·2개월 전·discuss
Just to point out that that this article is a mixture of completely wrong, and misleading:

* There is no such thing as "LibreOffice 26.4 Beta". The next release of LibreOffice will be 26.8, and hasn't gone into beta yet. So the author is seemingly inventing this

* LibreOffice is not "introducing early AI-powered writing capabilities". There are no plans to put AI in LibreOffice. Some people are working on third-party extensions that add AI features, but those are separate. Very misleading.
mksaunders2
·3개월 전·discuss
You can read TDF's position: https://blog.documentfoundation.org/blog/2026/04/01/comment-...
mksaunders2
·3개월 전·discuss
Everyone, please also read TDF's side of the story, before speculating: https://blog.documentfoundation.org/blog/2026/04/01/comment-...
mksaunders2
·3개월 전·discuss
Please do read TDF's side of the story as well: https://blog.documentfoundation.org/blog/2026/04/01/comment-...
mksaunders2
·11개월 전·discuss
LibreOffice developer | Preferably full-time | Remote

Love LibreOffice development? Want to turn your passion into a paid job? We are The Document Foundation (TDF), the non-profit entity behind LibreOffice. We’re passionate about free software, the open source culture and about bringing new companies and people with fresh ideas into our community.

To improve the user interface of LibreOffice, the office productivity suite for over 200 million users around the globe, we’re searching for a developer (m/f/d) to start work (from home) as soon as possible. This is what you’ll do:

* Work on the LibreOffice codebase (mostly C++)

* Focus on LibreOffice’s user interface, in the way it is rendered and laid out

* Fix bugs, implement new features, and improve the quality of the UI code in LibreOffice while working together with the design team and other contributors

* Document what you do, actively share knowledge in public with volunteers and contributors via blog posts, workshops and conference talks, so other developers and users have an easier time learning about your work

Full listing: https://blog.documentfoundation.org/blog/2025/08/07/join-the...
mksaunders2
·작년·discuss
Here's also the Apache Software Foundation's Security Team minutes with "openoffice (Health amber): Three issues in OpenOffice over 365 days old and a number of other open issues not fully triaged":

https://whimsy.apache.org/board/minutes/Security_Team.html
mksaunders2
·작년·discuss
The Git log is also almost entirely two people removing whitespace, changing the case of HTML tags and tweaking comments: https://github.com/apache/openoffice/commits/trunk
mksaunders2
·작년·discuss
BTW, anyone concerned can email apache at apache dot org and ask why they're still distributing OpenOffice despite vulnerabilities. A few people on Mastodon have done that but gotten no answers yet. The more pressure there is to put it in the Attic, the sooner this awful situation will end...
mksaunders2
·작년·discuss
It's extremely risky to keep using OpenOffice. Apache has marked its security status as "Amber" with "three issues in OpenOffice over 365 days old and a number of other open issues not fully triaged."

It's also worrying that The Apache Foundation continues to promote and distribute OpenOffice despite unfixed security issues and zero updates to the software. So many people in the FOSS world have called on them to finally retire it, put it in the Attic and keep up a good reputation for FOSS - but they won't do it. It still gets hundreds of thousands of downloads despite being unfixed.

It's irresponsible of The ASF IMO.
mksaunders2
·작년·discuss
Yes, and now there are unfixed security issues in OpenOffice over a year old, so the ASF really, really should put it in the Attic ASAP. If more people in the FOSS world raise awareness about this, perhaps it will finally happen, so users become aware of maintained, fixed successor projects:

https://en.wikipedia.org/wiki/Apache_OpenOffice#Security
mksaunders2
·작년·discuss
> I still don't understand there isn't a supported version of LibreOffice that I can pay for

But there are, and has been for years, such versions: https://www.libreoffice.org/download/libreoffice-in-business...
mksaunders2
·작년·discuss
The Apache Security Team report says it now has "three issues in OpenOffice over 365 days old and a number of other open issues not fully triaged". So it's not just unmaintained, but actively putting users at risk. It's not clear why the ASF won't put it in the Attic.
mksaunders2
·작년·discuss
The "NotebookBar" tabbed user interface is a huge change and was implemented a few years ago. Still needs some refinement (anyone is welcome to help the Design community volunteers!) but there have been some very big changes...
mksaunders2
·작년·discuss
Auto-updates on Windows were implemented in the previous major release :-)
mksaunders2
·작년·discuss
Totally incorrect. LibreOffice had no plans to do a "commercial" version - it's from a non-profit organisation. A few years ago, the version from The Document Foundation was given the label "LibreOffice Community" to make it clear that it's a community-driven project and doesn't provide long-term support or other things that enterprises need. (Because enterprises were getting it from TDF and expecting technical support contracts and other things.)
mksaunders2
·작년·discuss
According to the Apache Security Team, Apache OpenOffice has:

> Three issues in OpenOffice over 365 days old and a number of other open issues not fully triaged.

Do you think it is responsible to keep serving users vulnerable software and misleading them that it's being updated with pointless code commits?

It's vulnerable, there's been no major update since 2014, and now unfixed issues over a year old. Those changing typos in the source code instead of actually fixing the issues should really be ashamed.
mksaunders2
·2년 전·discuss
According to Apache they still get tens of thousands of downloads of OpenOffice every day (mostly Windows). It's a really bad image for free and open source software when users (who don't know about successor projects) discover that it's ancient, with no major update since 2014, and has unfixed security issues.