ODF format security: encryption, signatures and metadata management

Open Document Format (ODF) is an open standard for office documents – texts, spreadsheets, presentations and more – that is flexible and interoperable. As with any other digital format, its security is a key concern, as ODF files often contain sensitive information that, without adequate protection measures, can be exposed, tampered with or tracked. This post analyses how ODF handles security, focusing on encryption, digital signatures and metadata management: three features that protect documents from prying eyes and tampering.

Encryption: content locking

ODF supports file-level encryption using standard algorithms. When you save an ODF document with a password, the content is compressed and then encrypted using AES (Advanced Encryption Standard), typically with a 256-bit key. Here’s what happens behind the scenes:

- The document content (the XML file) is compressed.
- A random salt (a sequence of bits used together with a password as input to a one-way function) and an initialisation vector (IV), which is a block of bits of a predefined length, are generated.
- A key is derived from the password using PBKDF2 (Password-Based Key Derivation Function 2). The key is a string of data used with an algorithm to encode (encrypt) and decode (decrypt) the text, transforming it from

LibreOffice Security Backgrounder

Today we are announcing the first release of a very important document that describes – in language accessible to everyone, including non-security specialists – the impressive work done by developers and quality assurance specialists in the area of LibreOffice security. From now on, the LibreOffice Security Backgrounder will be updated on the occasion of each major release of LibreOffice, i.e. in February and August each year (as things stand). For this reason, the full name of this document is LibreOffice Security Backgrounder 2023.12. It is important to stress that the purpose of this document is purely informational, to clarify aspects and steps in the development process that have not been sufficiently documented in the past. Software security is a fundamental aspect, but not a competitive advantage. The security of LibreOffice and the documents it generates is very important to all of us, and especially to the users of the suite, which is why there are dozens of people with advanced computer security skills who dedicate their time to protecting and improving it. We hope that this document, which has been produced with the help of a number of companies and individuals, some of whom are mentioned in the document itself,

Important release of LibreOffice 7.6.2 Community and LibreOffice 7.5.7 Community with key security fix

Berlin, 26 September 2023 – The Document Foundation is releasing LibreOffice 7.6.2 Community and LibreOffice 7.5.7 Community ahead of schedule to address a security issue known as CVE-2023-4863, which originates in a widely used code library known as libwebp, created by Google more than a decade ago to render the then-new WebP graphics format [1]. In addition to the CVE, the two new versions fix other bugs and regressions and are available immediately from www.libreoffice.org/download [2]. All users of LibreOffice are encouraged to update their current version as soon as possible. The minimum requirements for proprietary operating systems are Microsoft Windows 7 SP1 and Apple macOS 10.15. For enterprise-class deployments, TDF strongly recommends the LibreOffice Enterprise family of applications from ecosystem partners – for desktop, mobile and cloud – with a wide range of dedicated value-added features and other benefits such as SLAs: www.libreoffice.org/download/libreoffice-in-business/. The Document Foundation does not provide technical support to users, although it is available from volunteers on user mailing lists and the Ask LibreOffice website: ask.libreoffice.org. LibreOffice users, free software advocates and community members can support the Document Foundation by making a donation at www.libreoffice.org/donate.

[1] Details of CVE-2023-4863: nvd.nist.gov/vuln/detail/CVE-2023-4863. Bugzilla: bugs.documentfoundation.org/show_bug.cgi?id=157231.
[2] Change

Bug bounties: finding and fixing security holes with European Commission funds

Free and open source software (FOSS) is about much more than driving costs down, in some cases even down to zero – it’s about giving control back to users, developers and even nations. With FOSS, everyone gains the freedom to study, improve and share the software – and to use it whenever and wherever they want, without being restricted by vendor lock-in strategies. FOSS has been widely used amongst government bodies and public services, so thanks to the coordination of their recently formed Open Source Programme Office (OSPO), the European Commission has started a series of hackathon and “bug bounty” programmes to help selected projects find (and potentially fix) security issues. The Commission’s OSPO has set aside €200,000 to reward developers and researchers who find critical security vulnerabilities in free software projects (such as LibreOffice and Mastodon). Rewards go from €250 up to €5000 for security bug disclosures, with 20% added on top if the researchers also provide a fix for the bug. This will surely help to further improve the security and reliability of FOSS tools, benefiting everyone from individual users to larger governmental and public bodies, and to make FOSS known to those that haven’t yet discovered how

LibreOffice 7.2.4 Community and LibreOffice 7.1.8 Community available ahead of schedule to provide an important security fix

Berlin, December 6, 2021 – The Document Foundation announces LibreOffice 7.2.4 Community and LibreOffice 7.1.8 Community to provide a key security fix. Releases are immediately available from https://www.libreoffice.org/download/, and all LibreOffice users are recommended to update their installation. Both new versions include the fixed NSS 3.73.0 cryptographic library, to solve CVE-2021-43527 (the NSS security fix is the only change compared to the previous version). LibreOffice 7.2.4 Community is also available for Apple Silicon from this link: https://download.documentfoundation.org/libreoffice/stable/7.2.4/mac/aarch64/. LibreOffice Community is based on the LibreOffice Technology platform, the result of years of development efforts with the objective of providing a state of the art office suite not only for the desktop but also for mobile and the cloud. LibreOffice individual users are assisted by a global community of volunteers: https://www.libreoffice.org/get-help/community-support/. On the website and the wiki there are guides, manuals, tutorials and HowTos. Donations help us to make all of these resources available. LibreOffice users, free software advocates and community members can provide financial support to The Document Foundation with a donation via PayPal, credit card or other tools at https://www.libreoffice.org/donate.

LibreOffice 6.3.1 and LibreOffice 6.2.7 announced, focusing on security

Berlin, September 5, 2019 – The Document Foundation announces LibreOffice 6.3.1, the first minor release of the LibreOffice 6.3 family, and LibreOffice 6.2.7, the seventh minor release of the LibreOffice 6.2 family, with many bug fixes and a key security improvement. LibreOffice 6.3.1 and LibreOffice 6.2.7 consider the presence of any call to a script-like thing as equally hazardous as a macro, and present the user with a warning dialog about the document trying to execute a script. Users should never allow the execution of macros and scripts embedded in documents, unless they are perfectly aware of the potential risks associated with the action. LibreOffice 6.3.1 “fresh” is targeted at technology enthusiasts and power users, while LibreOffice 6.2.7 “still” is targeted at users in production environments and individual users who prefer robustness over advanced features. All LibreOffice users should immediately update their current version. LibreOffice’s individual users are helped by a global community of volunteers: https://www.libreoffice.org/get-help/community-support/. On the website and the wiki there are guides, manuals, tutorials and HowTos. Donations help us to make all of these resources available. LibreOffice users are invited to join the community at https://ask.libreoffice.org, where they can get and provide user-to-user support. While TDF can not