Does the security issue CVE-2022-3140 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft affect COOL?
First of all current versions of Collabora Online 21.11 and 22.05 have the patches that fixed the issue, because we use the same source code for Collabora Online and Collabora Office. On the other hand I do not think that this security issue affects Collabora Online. Macros are disabled by default. And even if macro execution is enabled, thanks to the multi-layered security design, Collabora Online isolates each document into a secure jail. In these jails there is virtually nothing. There are no shell, and no binary executables. Therefore the hypothetical attacker cannot execute anything.
3 Likes