The Internet, October 4, 2011 – The Document Foundation (TDF) publishes some details of the security fixes included with the recently released LibreOffice 3.4.3, and included in the older 3.3.4 version. Following industry best practice, details of security fixes are withheld until users have been given time to migrate to the new version. RedHat security researcher Huzaifa Sidhpurwala identified a memory corruption vulnerability in the code responsible for loading Microsoft Word documents in LibreOffice. This flaw could have been used for nefarious purposes, such as installing viruses, through a specially-crafted file. The corresponding vulnerability description is CVE-2011-2713,”Out-of-bounds property read in binary .doc filter”. LibreOffice 3.4.3 also includes various improvements to the loading of Windows Metafile (.wmf) and Windows Enhanced Metafile (.emf) image formats that were found through fuzz testing. LibreOffice developers have developed some additional security patches and fixes. These are part of a general set of development improvements which are reflected in the overall quality and stability of the software. Most LibreOffice 3.4.3 security fixes have been developed by Caolan McNamara of RedHat and Marc-André Laverdière of Tata Consultancy Services. “Working on fuzzing LibreOffice import filters has been a great experience, and I am glad I could contribute in
Jiajun Xu writes, following on from part 1: The annual community event LibreOffice Asia Conference was held on December 13–14, 2025 in Tokyo, Japan. One of the sessions was a panel discussion titled “Lessons from Open Source Business,” moderated by Franklin Weng, featuring three company leaders from different countries sharing how they run their businesses through open source tools. This article covers Part II: the moderator’s questions and discussion. (Note: photo credits: Tetsuji Koyama, CC BY 4.0) Question 1: Open Source as Business Core vs. Business Using Open Source Technology Franklin first provided some context for this question. In 2022, he wrote a handbook on “Public Money, Public Code” for the Friedrich Naumann Foundation for Freedom. At the press conference marking its release, someone asked him about open source business, and he proposed two models: “Open source as the business core”: You start with open source software, then think about building a business around it. “Business using open source technology”: You start with a business model, then consider which tools to use. He emphasized that neither approach is inherently better or worse — the distinction simply serves as a useful way to frame the discussion. Franklin then asked the panelists
Jiajun Xu writes: The annual community event LibreOffice Asia Conference was held on December 13-14 2025 in Tokyo, Japan. One of the sessions was a panel discussion titled “Lessons from Open Source Business,” moderated by Franklin Weng, featuring three company leaders from different countries sharing how they run their businesses with open source tools. This article covers the first part of the panel: the business introductions. (Note: photo credits: Tetsuji Koyama, CC BY 4.0) Business Introductions Germany: Lothar Becker and .riess applications The first to present was Lothar Becker from Germany, Managing Director and owner of “.riess applications.” The company primarily operates in Europe, providing consulting services based on open source solutions. Lothar described himself as not being development-oriented, but rather focused on client relationships and consulting — a personal trait that has shaped the company’s direction. As a consulting firm, a defining feature of .riess’s business model is that it does not charge for technical support or long-term support licensing fees. Instead, they productize their expertise as consulting services. This means .riess operates on a people- and time-based revenue model, which does not lend itself to the kind of exponential revenue scaling that SaaS companies achieve through near-zero marginal
Brazil’s Lei 15.211/2025, also known as the Estatuto Digital da Criança e do Adolescente (EDCA), came into force on 17 March 2026. It is one of the world’s most comprehensive digital child protection laws, with profound implications for the Brazilian education system. School administrators, IT managers, and education policymakers now have a legal obligation to consider every technology product deployed in classrooms. LibreOffice, the FOSS office suite developed and maintained by The Document Foundation, is uniquely positioned to meet these obligations by design. What the law actually requires The EDCA establishes that every IT product or service directed at children and adolescents – or “likely to be accessed” by them – must guarantee their integral protection, prioritise their best interests and maintain the highest level of privacy and data security (Art. 3). Among the law’s key requirements are: Privacy by default and by design. Products must operate at the highest available level of data protection as a default setting, and any reduction in protection must require explicit, informed consent (Art. 7). No behavioural profiling. Any form of automated or manual profiling of minors based on behaviour, preferences, economic status or location is subject to strict limitations (Arts. 2(V) and 26).
Germany has made ODF mandatory as the standard format for documents within its sovereign digital infrastructure. The decision is incorporated into the Deutschland-Stack, the framework governing the development, procurement and management of digital systems for public administration at all levels. This is neither a pilot project nor a recommendation from a working group, but a mandate backed by the federal government and the coalition agreement. The official document has been published by the IT-Planungsrat, the central political steering body comprising the federal government and state governments, which promotes and develops common, user-oriented IT solutions for efficient and secure digital administration in Germany: https://www.it-planungsrat.de/beschluss/b-2026-03-it. At this point, the question for all other European governments is clear: what are you waiting for? With this decision, the distinction between those who care about digital sovereignty and those who do not becomes stark. There are no more excuses Over the years, public administrations in Europe have accumulated a series of tired excuses, long since overtaken by the facts, for not making standard and open document formats mandatory. Let’s examine them one by one. ODF isn’t mature enough. ODF has been an ISO standard since 2006. It is now at version 1.4, with active development,
Join us in Pordenone, Italy, to share what you are doing for and with LibreOffice, how you are integrating LibreOffice in your infrastructure, how you are using LibreOffice to achieve Digital Sovereignty, and how LibreOffice can be used in Education. The Document Foundation invites TDF Members, contributors and the wider FOSS community to submit talks, lectures and workshops for this year’s LibreOffice Conference that will be held in Pordenone, Italy. The event will take place from the 10th to the 12th of September, with an informal community meeting on September 9, and collateral events (in Italian) targeted to Italian enterprises and public administrations on September 9 and September 11. Proposals should be filed by June 15, 2026 in order to guarantee that they will be considered for inclusion in the conference program. Please provide an abstract of your talk, and a short bio of yourself. These will help organizers in selecting the talks, and putting together the conference schedule. The conference program will be based on the following tracks: a) Development (APIs, Extensions, Current and New Features) b) Quality Assurance and Software Security c) Localization, Documentation and Native Language Projects d) Appealing LibreOffice: Ease of Use, Design and Accessibility e)
