Open Source

45368 readers

1086 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

319

LibreOffice learns to speak Markdown in version 26.2 (www.theregister.com)

submitted 5 days ago by Zerush@lemmy.ml to c/opensource@lemmy.ml

14 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ClassyHatter@sopuli.xyz 55 points 5 days ago (1 children)

Hopefully it doesn't have any Remote Code Execution vulnerabilities, like Microslop's implementation had.

[–] jdnewmil@lemmy.ca 21 points 5 days ago (3 children)

How in the world did they manage that? Did they implement it internally as a TCP API and expose it?

[–] ClassyHatter@sopuli.xyz 33 points 5 days ago (1 children)

I don't know the technicalities, but Markdown supports links, and it's possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.

[–] thorhop@sopuli.xyz 20 points 5 days ago

Basically Notepad would pass the link to ShellEx and could launch executables.

[–] warmaster@lemmy.world 27 points 5 days ago

It was like:

Hey Copilot, add Markdown support in Word

Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.

[–] jol@discuss.tchncs.de 4 points 5 days ago

They probably vibe coded it, and only copilot reviewed and merged the code.