Hi Arrigo, Am 14.05.21 um 07:27 schrieb Arrigo Marchiori: > Hello Carl, all, > > On Thu, May 13, 2021 at 07:23:16PM -0400, Carl Marcum wrote: > > [...] > >> Hopefully we can collect the exceptions in the BZ issue noted in this thread >> and then agree on the direction. >> >> The few I see so far are: >> 1. in-document links beginning with #. >> 2. .uno:XXX links >> 3. Links to local files. >> >> I think all 3 are candidates but that's just me. >> >> @Arrigo, were you planning on a PR for AOO41X ? >> >> If not, I can try at least some of it but again I'm not really a C++ guy yet >> :) > I suggest we make up our minds on the intended solution first, and > then start coding it. We have seen some interesting proposals, some of > which were quite complex (adding configuration settings, dialogs etc). > > The three categories listed above would be candidates for > whitelisting, and this would be the quickest fix. But someone fluent > in UNO should first ensure all of us that no.2 is not going to reopen > any other backdoors! > > Maybe this topic is worth a discussion with vote, the Apache way? So > we get our roadmap fixed. > >>>> There is also the suggestion (Dave's maybe?) that we add the 3 >>>> security levels (that are already in the code) for links to the UI >>>> settings and let the user lock it down or open it up from where it is >>>> now. > Yes, I was referring to this and to Peter's ideas. > >>> Yes, but that will only work for trunk/AOO42X since we need to update >>> the translations too. > I agree, but how many 4.1.X versions do we want to publish before 4.2.0? > Now that we support two digits, please let us not point to 4.1.99 ! ;-)
As "soon" as all Release Blocker are fixed we can release 4.2.0 ;-) Regards, Matthias > > Best regards,
smime.p7s
Description: S/MIME Cryptographic Signature
