Opened 10 months ago

Closed 10 months ago

Last modified 9 months ago

#21484 closed enhancement (fixed)

ghostscript-10.05.0

Reported by: Joe Locash
Owned by: Bruce Dubbs
Priority: high
Milestone: 12.4
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

Looks like the currency check missed this one. Full release notes: https://ghostscript.readthedocs.io/en/gs10.05.0/News.html?utm_source=ghostscript&utm_medium=website&utm_content=inline-link

Version 10.05.0 (2025-03-12)

Highlights in this release include:

This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834

In addition one other security fix for which a CVE is pending which will be added to the online version of this document when assigned: News

The 10.05.0 release deprecates the non-standard operator "selectdevice", all code should now be using the standard "setpagedevice" operator. "selectdevice" will be removed in the 10.06.0 release.

We now support production of PDF/X-1a and PDF/X-4a in addition to the existing support for PDF/X-3

IMPORTANT: In the 10.04.0 release we added protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma-separated list of allowed devices. This will also take a single wildcard "*" allowing any device.

Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.

The exception is "nulldevice", switching to that requires no special action.

Our efforts in code hygiene and maintainability continue.

The usual round of bug fixes, compatibility changes, and incremental improvements.

(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).

Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.

See Enabling OCR for more details.
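The device-selection rule quoted above ("--permit-devices=", the "*" wildcard, and the "nulldevice" exception) can be checked against the gs command lines found in wrapper scripts. The following is an added example, not part of the ticket or of Ghostscript: it models the rule as the release notes word it, assumes the device given with `-sDEVICE=` stays permitted when a list is supplied, and uses constructed sample invocations.

```python
import shlex

# Per the release notes, switching to nulldevice needs no special action.
ALWAYS_ALLOWED = {"nulldevice"}

def parse_gs_command(command):
    """Return (device from -sDEVICE=, set of names from --permit-devices=)."""
    selected, permitted = None, set()
    for arg in shlex.split(command):
        if arg.startswith("-sDEVICE="):
            selected = arg.split("=", 1)[1]
        elif arg.startswith("--permit-devices="):
            value = arg.split("=", 1)[1]
            permitted.update(d.strip() for d in value.split(",") if d.strip())
    return selected, permitted

def device_switch_allowed(command, requested):
    """Model of the quoted rule: may PostScript input switch to `requested`?"""
    selected, permitted = parse_gs_command(command)
    if requested in ALWAYS_ALLOWED or "*" in permitted:
        return True
    # Assumption: the command-line device remains permitted alongside the list.
    return requested == selected or requested in permitted

def audit(command):
    """Findings a reviewer would want for one gs invocation."""
    selected, permitted = parse_gs_command(command)
    findings = []
    if "*" in permitted:
        findings.append("wildcard: PostScript input may select any device")
    if selected is None:
        findings.append("no -sDEVICE= given: selected device is not explicit")
    extra = sorted(permitted - {"*", selected})
    if extra:
        findings.append("extra devices permitted: " + ", ".join(extra))
    return findings

# Constructed sample invocations; file names are placeholders.
SAMPLES = [
    "gs -dBATCH -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=out.pdf in.ps",
    "gs -dBATCH -sDEVICE=pdfwrite --permit-devices=png16m,txtwrite -sOutputFile=out.pdf in.ps",
    "gs -dBATCH -sDEVICE=pdfwrite '--permit-devices=*' -sOutputFile=out.pdf in.ps",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", audit(cmd) or ["ok"])
```

An empty result from `audit` means the invocation keeps the default, where only the command-line device can be selected.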

Change History (5)

comment:1 by Bruce Dubbs, 10 months ago

As far as the currency goes, they were fairly consistent with the release titles. For instance the one we have uses "Ghostscript/GhostPDL 10.04.0" so I was looking for a string of characters like "GhostPDL<space><digit>". Now they have changed that title to a not so useful "gs10050".

I've fixed the currency, at least until they don't use "ghostscript-<version>" any more.

comment:2 by Bruce Dubbs, 10 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Bruce Dubbs, 10 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

fde30b91dc Update to ghostscript-10.05.0.
19bfc920d5 Update to lxml-5.4.0 (Python module).
8b5782e3d3 Update to postfix-3.10.2.

comment:4 by Douglas R. Reno, 10 months ago

Priority: elevated → high

Several of these vulnerabilities are rated as Critical.

comment:5 by Douglas R. Reno, 9 months ago

SA-12.3-025 issued
