The Document Foundation publishes details of LibreOffice 3.4.3 security fixes

The Internet, October 4, 2011 – The Document Foundation (TDF) publishes some details of the security fixes included with the recently released LibreOffice 3.4.3, and included in the older 3.3.4 version. Following industry best practice, details of security fixes are withheld until users have been given time to migrate to the new version. RedHat security researcher Huzaifa Sidhpurwala identified a memory corruption vulnerability in the code responsible for loading Microsoft Word documents in LibreOffice. This flaw could have been used for nefarious purposes, such as installing viruses, through a specially-crafted file. The corresponding vulnerability description is CVE-2011-2713,”Out-of-bounds property read in binary .doc filter”. LibreOffice 3.4.3 also includes various improvements to the loading of Windows Metafile (.wmf) and Windows Enhanced Metafile (.emf) image formats that were found through fuzz testing. LibreOffice developers have developed some additional security patches and fixes. These are part of a general set of development improvements which are reflected in the overall quality and stability of the software. Most LibreOffice 3.4.3 security fixes have been developed by Caolan McNamara of RedHat and Marc-André Laverdière of Tata Consultancy Services. “Working on fuzzing LibreOffice import filters has been a great experience, and I am glad I could contribute in

Financials and Budget – TDF Annual Report 2025

This is part of the Annual Report 2025 from The Document Foundation, the non-profit that coordinates the LibreOffice project and community. TDF exists because of a large, dynamic global community — volunteers, ecosystem companies and committed end users who support our work with donations of both time and money. The 2025 accounts tell a clear story: a foundation that grew significantly, while keeping its finances transparent and its spending tied to its mission. A year of strong growth in income Total income for 2025 reached € 2,175,997, a substantial increase on the € 1,387,589 recorded in 2024. The growth came from three distinct sources, and it is worth being precise about each. The largest share, € 1,976,825, came from donations — overwhelmingly from individual users and small businesses, mostly in Europe. This was the fifth consecutive year in which donations exceeded one million euro, and the highest figure to date. Part of this increase was organic, reflecting the continued strength of LibreOffice downloads. A further part can be attributed to a concrete change: in mid-2025 we introduced a new in-product update notification on Windows, which periodically — after every major release and selected minor ones — informs users that an

The non technical dependency layers: the Calendar and the Invoice

Earlier in this series I described the invisible architecture of lock-in as three stacked layers. A document depends on its format, which depends on a rendering engine to become visible, which depends on the fonts that give it its final shape. Each layer is a dependency the user rarely sees and almost never chooses deliberately, and together they explain why “just open it in something else” so often fails. The argument has always been structural rather than moral: it does not matter whether the vendor is benevolent or predatory, because the dependency exists either way. Two pieces of news from late June give me occasion to extend that architecture. They are not, at first glance, about formats at all. But read structurally, they reveal two further layers of dependency that sit on top of the technical ones. Layers I left implicit until now because the technical case was enough to make the point. It is worth making them explicit, because they complete the account of what dependency actually means. The first piece of news: Microsoft has extended free security updates for Windows 10 by a further year, to October 2027. The original end date for consumer support was October 2026.

LibreOffice releases, features, QA and accessibility – TDF Annual Report 2025

This is part of the Annual Report 2025 from The Document Foundation, the non-profit that coordinates the LibreOffice project and community. More will be posted soon… Releases of the Year LibreOffice’s release plan works on a time-based release schedule, with major updates every six months (typically in February and August). So in other words, there are two new versions of LibreOffice per year. Many other FOSS projects adopt a similar time-based approach, and since 2024, LibreOffice has used a “year.month” versioning scheme – so LibreOffice 25.2, for instance, was released in the second month (February) of 2025. This versioning scheme helps users to see how old (or new) their currently installed version of LibreOffice is. In addition to the major upgrades, there were monthly smaller “point” releases, mainly fixing bugs, compatibility issues and security vulnerabilities. Major Feature Highlights LibreOffice 25.2 was released on February 6. It introduced the ability to read and write ODF version 1.4, alongside numerous interoperability improvements with proprietary OOXML documents. It became possible to automatically sign documents after defining a default certificate. Additionally, Windows 7 and 8/8.1 were designated as deprecated platforms, with support scheduled to be removed in version 25.8, and extensions and features relying

Join the LibreOffice team as a paid system administrator, working on TDF’s infrastructure (full-time, remote, m/f/d)

Love LibreOffice? Got experience with infrastructure and system administration? We are The Document Foundation (TDF), the non-profit entity behind LibreOffice. We’re passionate about free software, the open source culture and about bringing new people with fresh ideas into our project. To assist the LibreOffice community with its work, we are looking for a full-time (remote) Infrastructure and System Administrator, to start as soon as possible. Here’s what you’ll do System orchestration and OS management: Orchestrate, deploy, and maintain all internal and external systems, specifically standard and customised Linux operating systems, with the majority of machines running Debian GNU/Linux. We currently run SaltStack, but proposals for different ways to handle config management and deployment are welcome. Virtualisation and storage infrastructure: Manage virtualisation platforms and hypervisors (KVM/QEMU). Experience with GlusterFS (for the backup system) is a plus, but not mandatory. Database, cloud, and App Administration: Administer database servers such as MariaDB and PostgreSQL, cloud storage repositories (such as Nextcloud), web applications, email services, and developer tooling. Network and hardware maintenance: Maintain core physical and cloud network infrastructure, including routers, switches, and NAS storage, amongst them devices from MikroTik. Security and network access: Oversee firewalls, intrusion detection, antivirus, IP reputation, global mirror systems,

The Document Foundation Releases LibreOffice 26.2.4

Berlin, 5 June 2026 – The Document Foundation today announced the release of LibreOffice 26.2.4, the fourth maintenance update to the LibreOffice 26.2 branch. Building on the major feature release published on February 4, 2026, this update delivers targeted bug fixes and stability improvements contributed by a global community of developers and QA engineers. LibreOffice 26.2.4 is available for immediate download at libreoffice.org/download/ for Windows, macOS, and Linux. Users of LibreOffice 25.8.x should update to LibreOffice 26.2.4 as LibreOffice 25.8 branch will reach end of life on June 12, and after that date the software will not receive security updates. In late August 2026, The Document Foundation will announce LibreOffice 26.8. LibreOffice 26.2 introduced a broad set of improvements to daily productivity workflows, including Markdown import and export, connector shapes in Calc, multi-user Base, faster EPUB export, and mandatory Skia rendering on macOS and Windows for better graphics performance. LibreOffice 26.2.4 consolidates these advances with a focused set of fixes, addressing issues identified by users and testers since the initial release. List of fixes in RC1: wiki.documentfoundation.org/Releases/26.2.4/RC1. List of fixes in RC2: wiki.documentfoundation.org/Releases/26.2.4/RC2. LibreOffice users, free software advocates and community members can support The Document Foundation and the LibreOffice project