Versions 3.0.4 and 3.0.5 of Zettlr were released at the same time. Zettlr is a Zettelkasten-based, open-source, cross-platform Markdown editor for creating articles, e-books and other content. It can also bring order to the chaos of notes and articles, generate citations and create interactive questionnaires. That makes it suitable for developers, researchers, journalists and bloggers, among others. The release notes since version 3.0.3 can be found below.
Release v3.0.5
Immediately after v3.0.4, we decided to release a minor upgrade that bumps the underlying Electron framework to the most recent version. This will stop segmentation faults in Wayland environments and prevent the flagging of Zettlr in repositories such as AUR due to outdated dependencies.
Dropping Support for macOS 10.13 and 10.14
Due to Zettlr's underlying Electron framework dropping support for macOS 10.13 (High Sierra) and 10.14 (Mojave), Zettlr drops support for these operating systems as well. To continue to use Zettlr on a Mac, ensure to update to at least macOS 10.15 (Catalina).
Linux ARM builds functional again
Since Zettlr v3.0.0, Linux users on ARM machines had the issue that they could not run the app, as a dependency has been compiled for the wrong architecture. Thanks to efforts by @LaPingvino, this has now been finally fixed and you should be able to run the app again just fine on ARM computers with Linux.
Changelog
GUI and Functionality
Under the Hood
- Update Electron from v25 to the latest available release (v28.2.1); this fixes segmentation fault issues in Wayland environments (#4877) and ensures that Zettlr keeps running a supported Electron version, which is especially pressing for the Arch Linux repository (see #4887; thanks to @alerque for bringing this to our attention), but also means that macOS 10.13 and 10.14 are no longer supported
- Switched to Zig compiler to enable successful compilation for Linux ARM targets (#4910)
Release v3.0.4
Dear users, a security researcher has brought to our attention an issue that can lead to a potential remote code execution (RCE) attack utilizing Zettlr's binary. This issue has been first discovered and exploited in 2023. It is unlikely that you have been affected, since the effort for this exploit is comparatively high and it requires you to take some non-trivial actions. However, since we are committed to making the app as safe as humanly possible to use, and the corresponding fix was pretty easy to implement, we decided to offer this security release that includes the same functionality as Zettlr v3.0.3, but with the added security patch included.
A CVE (Common Vulnerabilities and Exposures) number has been applied for at MITRE, but not yet issued. Once we know the number, we will publish a postmortem on our blog and include some background as well as details about what this issue exactly implied, how it could have been exploited, and how we have mitigated the issue in this patch. Thanks again to user "soulfood" for bringing this to our attention and for the cooperation in fixing the issue in a timely manner.
Changelog
GUI and Functionality
Nothing changed.
Under the hood
- Update Electron to the last version 25 update (v25.9.8)
- Add Electron fuses support and disable those that allow certain debug commands to be sent to the binary (e.g., --inspect). This can be abused by malicious actors for remote code execution (RCE) attacks (CVE number applied for at MITRE; not yet issued; please see the Zettlr blog for updates)
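
The fuse change in the v3.0.4 changelog can be verified on a shipped build. The following is an added example, not code from Zettlr or its release notes: it reads the fuse wire that Electron embeds in its binary and reports whether the debug-related fuses are off. The sentinel string and fuse positions follow Electron's fuse documentation; the choice of three fuses, the function names and the sample buffers are assumptions made for illustration.

```javascript
'use strict';
// Added example: defensive audit of the fuse wire inside an Electron binary.
// Sentinel and version-1 fuse order are taken from Electron's fuse documentation.
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX', 'ascii');
// Assumption: these are the fuses that gate Node-style debug entry points.
const DEBUG_FUSES = {
  RunAsNode: 0,
  EnableNodeOptionsEnvironmentVariable: 2,
  EnableNodeCliInspectArguments: 3, // governs --inspect and related flags
};
const STATE = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed' };

// Locate the wire: sentinel, one version byte, one length byte, then one byte per fuse.
function readFuseWire(binary) {
  const at = binary.indexOf(SENTINEL); // first occurrence only
  if (at === -1) throw new Error('fuse sentinel not found');
  const pos = at + SENTINEL.length;
  if (pos + 2 > binary.length) throw new Error('truncated fuse header');
  const version = binary[pos];
  const length = binary[pos + 1];
  if (pos + 2 + length > binary.length) throw new Error('truncated fuse wire');
  return { version, wire: binary.subarray(pos + 2, pos + 2 + length) };
}

// Report each debug-related fuse; ok is true only when none is enabled, unknown or absent.
function auditDebugFuses(binary) {
  const { version, wire } = readFuseWire(binary);
  if (version !== 1) throw new Error(`unsupported fuse wire version ${version}`);
  const report = {};
  for (const [name, idx] of Object.entries(DEBUG_FUSES)) {
    report[name] = idx < wire.length ? (STATE[wire[idx]] || 'unknown') : 'absent';
  }
  const ok = Object.values(report).every((s) => s === 'disabled' || s === 'removed');
  return { ok, report };
}

// Constructed sample input: filler bytes, sentinel, version 1, then the given fuse states.
function sampleBinary(fuses) {
  const header = Buffer.from([1, fuses.length]);
  return Buffer.concat([Buffer.alloc(64, 0xcc), SENTINEL, header, Buffer.from(fuses, 'ascii')]);
}

console.log(auditDebugFuses(sampleBinary('0100'))); // hardened wire
console.log(auditDebugFuses(sampleBinary('0101'))); // --inspect fuse still enabled
```

On a real installation, pass the bytes of the file that carries the wire (for example via `fs.readFileSync`): the main executable on Windows and Linux, the Electron Framework binary inside the app bundle on macOS.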
