From: Stefan Kangas Date: Sat, 29 Jun 2024 14:48:49 +0000 (+0200) Subject: Document security fixes in FAQ X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=ff76685257b052a7dd2d5a22c611e95227f88c91;p=emacs.git Document security fixes in FAQ * doc/misc/efaq.texi (New in Emacs 29): Recommend using Emacs 29.4. * doc/misc/efaq.texi (Security risks with Emacs): New item with a recommendation to upgrade Emacs for improved security. (cherry picked from commit d95f039af4373e1f96c72f4825c194a1ef427cff) --- diff --git a/doc/misc/efaq.texi b/doc/misc/efaq.texi index cb80591b403..eaedc7f0d05 100644 --- a/doc/misc/efaq.texi +++ b/doc/misc/efaq.texi @@ -1004,6 +1004,9 @@ Here's a list of the most important changes in Emacs 29 as compared to Emacs 28 (the full list is too long, and can be read in the Emacs @file{NEWS} file by typing @kbd{C-h n} inside Emacs). +Note that Emacs 29.3 and 29.4 both contained important security fixes. +Upgrading is particularly important if you use Emacs as a mail client. + @itemize @item Emacs can now be built with the @@ -3651,6 +3654,21 @@ same privileges as the Emacs process itself. Be aware of this when you use the package system (e.g. @code{M-x list-packages}) with third party archives. Use only third parties that you can trust! +@item +Using an out-of-date Emacs version. + +For security purposes, we recommend always using the latest officially +released version of Emacs. Using old versions of Emacs might put your +security at risk, as newer versions occasionally include important +security fixes. Please review the Emacs release notes and the +@file{etc/NEWS} file for details. + +Upgrading to the most recent version is particularly important if you +use Emacs as a mail client, or to edit files that come from untrusted +sources. You should be able to install the latest version of Emacs +through your system's package manager, and it is always available at +@uref{https://www.gnu.org/software/emacs/, the Emacs website}. + @item The @code{file-local-variable} feature. (Yes, a risk, but easy to change.)