From 8d8253f89915f1d9b45791d46cf974c6bdcc1457 Mon Sep 17 00:00:00 2001 From: Eli Zaretskii Date: Sun, 24 Mar 2024 08:19:29 -0400 Subject: * etc/NEWS: Update for Emacs 29.3 --- etc/NEWS | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/etc/NEWS b/etc/NEWS index 06086e9bdfb..3f94b0d4634 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -15,32 +15,28 @@ in older Emacs versions. You can narrow news to a specific version by calling 'view-emacs-news' with a prefix argument or by typing 'C-u C-h C-n'. - -* Installation Changes in Emacs 29.3 - - -* Startup Changes in Emacs 29.3 - * Changes in Emacs 29.3 +Emacs 29.3 is an emergency bugfix release intended to fix several +security vulnerabilities described below. - -* Editing Changes in Emacs 29.3 +** Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. +This is for security reasons, to avoid evaluating malicious Lisp code. - -* Changes in Specialized Modes and Packages in Emacs 29.3 +** New buffer-local variable 'untrusted-content'. +When this is non-nil, Lisp programs should treat buffer contents with +extra caution. - -* New Modes and Packages in Emacs 29.3 +** Gnus now treats inline MIME contents as untrusted. +To get back previous insecure behavior, 'untrusted-content' should be +reset to nil in the buffer. - -* Incompatible Lisp Changes in Emacs 29.3 +** LaTeX preview is now by default disabled for email attachments. +To get back previous insecure behavior, set the variable +'org--latex-preview-when-risky' to a non-nil value. - -* Lisp Changes in Emacs 29.3 - - -* Changes in Emacs 29.3 on Non-Free Operating Systems +** Org mode now considers contents of remote files to be untrusted. +Remote files are recognized by calling 'file-remote-p'. * Installation Changes in Emacs 29.2 -- cgit v1.2.3