Mailing List Archive

Extension:Score security advisory
Hi everyone,

In July 2020, vulnerabilities that allowed for remote code execution
were discovered within the Score extension [0], which primarily uses
LilyPond [1] to provide musical scores on-wiki. Futher investgation
found more vulnerabilities within LilyPond and firejail.

We are now publishing a security advisory for the Score extension with
information about the discovered vulnerabilities and information
regarding how to secure Score using Shellbox [3]. Please refer to that
for information on how to set up the Score extension in a secure manner.


MediaWiki announcements mailing list
To unsubscribe, go to: