![[TEST] Document Foundation Community](https://communitytest.documentfoundation.org/images/discourse-logo-sketch.png){kind=logo}
hello.
i use libreoffice for two years as you know.
today i recieved an email about security Vulnerability which are
solved in different versions of openoffice.
but fortunately i did not see such emails about libreoffice!
does it mean that libreoffice which is one branch of openoffice, is
extremely secure and it does not have any security Vulnerability to
fix in the every new release version?
all versions are the same in security and its no different which
version i desire to use. is it true?
i use and wish to use 4.4.6, is it completely secure like the oldest
and newer versions?
finally, if its impossible or difficult to answer my questions in the
list, please send me the answer via my personal email address!
nasrinkhaksar3@gmail.com
thanks so much for your great job and God bless you all!
@Nasrin, *
LibreOffice is released essentially each month. More so than other projects,
you can be assured that published security issues are resolved in a timely
fashion. We don't make a big deal of announcing it because it is routine
for this project.
Here is a small sample of the security patches LibreOffice applies and
builds into releases on a regular basis:
http://www.libreoffice.org/about-us/security/advisories/
or
https://cgit.freedesktop.org/libreoffice/core/log/?qt=grep&q=CVE
Stuart
does it mean that libreoffice which is one branch of openoffice, is
extremely secure and it does not have any security Vulnerability to
fix in the every new release version?
LibreOffice is a fork of OpenOffice.org, not a branch, and as such has
independent development and security management.
all versions are the same in security and its no different which
version i desire to use. is it true?
Absolutely not. You should use one of the two versions currently
available for download.
i use and wish to use 4.4.6, is it completely secure like the oldest
and newer versions?
No, you should use either 5.1.x or 5.2.x. LibreOffice 4.4.6 is over two
years old, and has not been updated security wise for over one year.
Hi Nasrin,
we had the same discussion on German mailinglist.
The special fix, which has been published for AOO now, has been
included in version LO 4.2. It's a little bit ago - about 2 years and
10 months. So no problems to take the last LO 4.4-version. But better
would be, to take a version, where new fixes will be made. If you
wan't to have a secure version of LO you better take LO 5.1 or LO 5.2
instead.
Regards
Robert
does it mean that libreoffice which is one branch of openoffice, is
extremely secure and it does not have any security Vulnerability to
fix in the every new release version?
No. As stated by others, LibreOffice and OpenOffice are two different
project, even if they share the same origin, and as such do things
differently.
Regarding vulnerabilities, they exist and get fixed, but these fixes are
just part of the regular development of the project. No need to highlight
them, except for some rare cases (I might be wrong, but some times ago such
issue was raised and discussed, I believe).
all versions are the same in security and its no different which
version i desire to use. is it true?
Absolutely not. In fact, It is false for a lot of project. Security fixes
are part of a project, and are integrated in each new versions. Except for
projects that maintain a LTS version (or similar), backporting security
fixes to older releases is resource intensive. Some linux distributions
that maintain LTS versions of their releases might work on backporting
security fixes to older LibreOffice version, but it is dependent on them.
i use and wish to use 4.4.6, is it completely secure like the oldest
and newer versions?
Nope. Since older versions are not maintained, if a vulnerability is found
in a newer version it might affect older versions. It is recommended to use
either the latest version, or a long-term support one, as they are the only
one that are sure to get all security updates.
In general, there is little to no incentive to use older versions: newer
versions should not go back in term of functionalities, and get a lot of
bug fixed (not only security ones). If you have a specific issue with newer
version, it might be interesting to get it fixed instead of using an old,
insecure version.
does it mean that libreoffice which is one branch of openoffice, is
extremely secure and it does not have any security Vulnerability to
fix in the every new release version?LibreOffice is a fork of OpenOffice.org, not a branch, and as such has
independent development and security management.all versions are the same in security and its no different which
version i desire to use. is it true?Absolutely not. You should use one of the two versions currently
available for download.i use and wish to use 4.4.6, is it completely secure like the oldest
and newer versions?No, you should use either 5.1.x or 5.2.x. LibreOffice 4.4.6 is over two
years old, and has not been updated security wise for over one year.
I am still using LibreOffice 4.3.6.1 since LO makes it impossible for me to upgrade in my OS (Mac OS X Lion 10.7.5).
My iMac 24", although old, functions very well, but Apple thinks that my HW is to old to update the OS to a newer version. Since LO decided to go with new libraries I am stuck with LO 4.3.6.1
Rob wrote
I am still using LibreOffice 4.3.6.1 since LO makes it impossible for me
to upgrade in my OS (Mac OS X Lion 10.7.5).
My iMac 24", although old, functions very well, but Apple thinks that my
HW is to old to update the OS to a newer version. Since LO decided to go
with new libraries I am stuck with LO 4.3.6.1
Sure, at 4.4 we dropped support for OS X 10.7 (Lion) and earlier and also
of 32-bit builds for OS X, but you should probably update to the final
4.3.7.2 build:
http://downloadarchive.documentfoundation.org/libreoffice/old/4.3.7.2/mac/
Well, it installs, but when I try to start it it comes back with:
You can't use this version ofthe application LibreOffice.aoo with this version of Mac OS X.
You have Mac OS X 10.7.5. The application requires Mac OS X 10.8 or later.
Although it is a nice message, I woyld prefer to get it BEFORE installation, not after!
Rob.
OK, I now succesfully installed the 32 bit vwrsion-
Thanks for the suggestion.