Software update: LibreCAD 2.2.0.1

Version 2.2.0.1 of LibreCAD has been released. This open source and cross-platform program started out as CADuntu with the intention of adding CAM functionality to the community edition of QCad. Shortly after its inception, the name was changed to LibreCAD. More information about the program is available in the wiki. The release notes for version 2.2.0.1 can be found below.

Bug fix release 2.2.0.1

This is a bug fix release for official stable release 2.2.0. It fixes a minor vulnerability (CVE-2023-30259) with a mature shapelib contained in our codebase. The vulnerability addresses only the plugin Importshp, which is used to import shape files (SHP/SHX/DBF).
Shape files are used in surveying and so do not affect most users. As this is probably not a widely used plugin, the fix was just to remove the plugin.

If you are a surveyor and need the shape file support, it is safe to stay with version 2.2.0, as long as you know the origin of the shape files used. The vulnerability is an out-of-bounds read, which means that if a malformed shape file is imported, the application can crash. With some effort, an attacker can possibly create a shape file which can lead to unintended code execution and seize your computer. But this is a worst-case scenario, which I would rate as extremely unlikely to occur.

Version number: 2.2.0.1
Release status: Final
Operating systems: Linux, macOS, Windows 10, Windows 11
Website: LibreCAD
Download: https://github.com/LibreCAD/LibreCAD/releases/tag/2.2.0.1
License type: GPL