LibreOffice

MY number 1 alternative to Microsoft Office. Frankly it handles docx files created by Word better than Word does. LibreOffice does not create 100s of styles behind your back that you don't discover until you try to import it into a Publishing app like Quark etc.

Ok very Simple. Im a builder and I do my own estimates. In Libre any Table you create can be used as a spreadsheet without opening a separate Program allowing you to change items in an instant and see the immediate total. This alone in my case blow Office out of the water.

MY number 1 alternative to Microsoft Office. Frankly it handles docx files created by Word better than Word does. LibreOffice does not create 100s of styles behind your back that you don't discover until you try to import it into a Publishing app like Quark etc.

It's fixed! After months of waiting and an not-good-enough first attempt, the Python script vulnerability in LibreOffice has for-realz been fully patched. It is CVE-2019-9854. Details are available here: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/ - - Also patched was CVE-2019-9855, applicable only to Windows users.

While we wait for Son-Of-CVE-2019-9848 to be patched... It turns out that LibreOffice 6.3.4 (6.3.0.4) patched three further security flaws, as per new announcements released yesterday: • CVE-2019-9850 • CVE-2019-9851 • CVE-2019-9852 https://www.libreoffice.org/about-us/security/advisories/

So I wrote to the Devs and heard back from them, for which I am grateful. Here is their response:

"It is not incorrect to state that CVE-2019-9848 was patched in 6.2.5.2, but it is fair to state that it turns out the solution is not totally sufficient and there is an additional problem with the solution.

"A new advisory will be issued with a new CVE number for the follow-up issue when the solution is ready. We're working on making it available."

Stay tuned.... Oh and continue to apply the workaround on this latest version of LibreOffice.

DANGER! Patch FAIL! Version 6.2.5.2 of LibreOffice did NOT successfully patch CVE-2018-16858. It is UNSAFE TO USE! LibreOffice handlers defend suite's security after 'unfortunately partial' patch https://www.theregister.co.uk/2019/08/02/document_foundation_libreoffice_security/ There is a workaround to use in the meantime. It's provided in the article I linked in my previous post. For the sake of simplicity, here is where to find the offending file inside ALL versions of LibreOffice. The file name is "pydoc.py" and you want to either RENAME it or simply DELETE it. This will hurt nothing but the functionality of python scripts in LibreOffice, in my experience. If you don't already know how to navigate into application package Contents, then *do not do this!* You have been warned! LibreOffice.app/ Contents/ Frameworks/ LibreOfficePython.framework/ Versions/ 3.5/ lib/ python3.5/ pydoc.py Notes: • This security hole was made public in October, 2018. Seriously. • Meanwhile, Apache has not addressed the problem AT ALL in OpenOffice! But the same workaround is effective. • I have established that this security hole is NOT present in NeoOffice, the other branch of OpenOffice for Mac. It does not use the offending Python file. But note that NeoOffice costs $15/$30, depending where you buy it. It does offer a trial 'Viewer' version.