Version | Change log |
Ghostscript 10.04.0 Sep 19, 2024 |
Amongst other general bugs fixes, this release addresses: CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 |
Ghostscript 10.03.1 Sep 6, 2024 |
Patch release to address security bugs: CVE-2024-33869 CVE-2023-52722 CVE-2024-33870 CVE-2024-33871 CVE-2024-29510 Also note: For the 10.04.0 release (fall/autumn 2024) we will be adding protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device. Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change. The exception is "nulldevice", switching to that requires no special action. |