News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Apache OpenOffice updates

    Home » Forums » Tools » Apache OpenOffice updates

    Author
    Topic
    #2395074

    Apache OpenOffice 4.1.11

    General Remarks
    Apache OpenOffice 4.1.11 is a Security release incorporating other bug fixes and little exhancements. All users of Apache OpenOffice 4.1.10 or earlier are strongly advised to upgrade. You can download Apache OpenOffice 4.1.11 here. Windows 11 users can now also get Apache OpenOffice for selected languages in the Microsoft Store.

    Please review these Release Notes to learn what is new in this version, as well as important remarks concerning known issues and their workarounds.

    Only use the original website “https://www.openoffice.org/download/” to download. The installed software can be verified with the About box (see menu “Help – About OpenOffice”) by comparing the numbers with the reference data on the download webpage (see the text in the light green box). For Apache OpenOffice 4.1.11 it has to be “AOO4111m1 | Build ID 9808 | Rev. bdb20b2a64″…

    1 user thanked author for this post.
    Viewing 0 reply threads
    Author
    Replies
    • #2395103

      I read the AOO 4.1.11 Release Notes (thanks for the link, @Alex5723) and spotted this under Bug Fixes (with a sub-heading of Improvements/Enhancements):

      • The Windows installation file has missing properties and lacks a code signature

      I misunderstood this at first and was curious how an apparently unsigned executable could have fallen through security cracks… so followed the trail backwards through the AOO Bugzilla Fixed Issue List to the individual entry. It showed that this issue first appeared 2012-03-04 in the beta version of OOo 3.4.0 when OpenOffice was signed by Oracle, its then owner. A comment on the issue included:

      In addition to any origin-identifying property information, there is also no digital signature on the .EXE.

      The consequence is the inability of a casual user to use the available Windows provisions for verifying what the executable is described to be and what authority signed the executable. There is therefore no straightforward means of learning that a code signature is not verifiable for any reason.

      A later comment – on 2021-04-21 – noted:

      Since AOO 4.1.8 the Windows installer is signed with a certificate from “The Apache Software Foundation”.

      The properties detail tab is still empty. This is for the NSIS installer exe.

      The buglist shows this issue was finally fixed on 2021-05-05 and added to AOO 4.1.11 on 2021-05-13.

      So… either OpenOffice maintainers were lax about updating the buglist and it re-appeared… or it took 9 years, 2 months, 10 days to finally resolve.

      So… I checked both the AOO 4.1.8 and new AOO 4.1.11 installer executables. Both are digitally code-signed. The issue described is about the ‘Details’ tab, i.e. when you right-click on the executable and choose ‘Properties’.

      AOO_installer_details

      As such, it’s a very minor issue. IMO it shows that antimalware products appear to rely solely on digital signatures and that missing file info doesn’t warrant a warning.

       

      1 user thanked author for this post.
    Viewing 0 reply threads
    Reply To: Apache OpenOffice updates

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.