[ANNOUNCE] Emacs 25.3 released

[Nicolas Petton]

Hi!

Version 25.3 of the Emacs text editor is now available.

For more information on Emacs, see:
  http://www.gnu.org/software/emacs

You can retrieve the source from your nearest GNU mirror by using one
of the following links:
  http://ftpmirror.gnu.org/emacs/emacs-25.3.tar.xz
  http://ftpmirror.gnu.org/emacs/emacs-25.3.tar.gz

You can get the PGP signatures at
  http://ftp.gnu.org/gnu/emacs/emacs-25.3.tar.xz.sig
  http://ftp.gnu.org/gnu/emacs/emacs-25.3.tar.gz.sig

You can choose a mirror explicitly from the list at:
  http://www.gnu.org/prep/ftp.html

Mirrors may take some time to update; the main GNU ftp server is at:
  http://ftp.gnu.org/gnu/emacs/

This is an emergency release to fix a security vulnerability in Emacs.

Enriched Text mode has its support for decoding 'x-display' disabled.
This feature allows saving 'display' properties as part of text.
Emacs 'display' properties support evaluation of arbitrary Lisp forms
as part of instantiating the property, so decoding 'x-display' is
vulnerable to executing arbitrary malicious Lisp code included in the
text (e.g., sent as part of an email message).

This vulnerability was introduced in Emacs 19.29.  To work around that
in Emacs versions before 25.3, append the following to your ~/.emacs
init file:

  (eval-after-load "enriched"
    '(defun enriched-decode-display-prop (start end &optional param)
       (list start end)))

Gnus no longer supports "richtext" and "enriched" inline MIME objects.
This support was disabled to avoid evaluation of arbitrary Lisp code
contained in email messages and news articles.


Printed copies of the Emacs manual are available for purchase from the
Free Software Foundation's online store at:
  http://shop.fsf.org/product/emacs-manual/

(The version on sale is updated for Emacs 24.2, but it remains a great
reference book for current Emacs, and buying a copy is a great way to
support the work of the FSF.)

Regards,
Nico

signature.asc
Description: PGP signature