GNU Emacs editor released new 29.3 as an emergency bug-fix release this Sunday.
The new release intended to fix several security vulnerabilities described below:
- Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.
- New buffer-local variable ‘untrusted-content’. When this is non-nil, Lisp programs should treat buffer contents with extra caution.
- Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, ‘untrusted-content’ should be reset to nil in the buffer.
- LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable
org--latex-preview-when-riskyto a non-nil value. - Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling
file-remote-p.
How to get GNU Emacs 29.3 in Linux
Emacs does NOT provide official package for Linux.
Besides building from source tarball, here are a few community maintained packages, including Snap package which is available in Ubuntu Software (App Center), and Flatpak package runs in sandbox for most Linux.
For those who prefer the classic .deb package format, I’ve uploaded the package into this unofficial PPA for Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.10, and Ubuntu 24.04.
The PPA package is NO change backport from Debian Unstable, but without well testing. Use it at your own risk. To add the PPA and install Emacs 29.3 from it, open terminal (Ctrl+Alt+T) and run commands one by one:
sudo add-apt-repository ppa:ubuntuhandbook1/emacs
sudo apt update
sudo apt install emacs emacs-common