Hi everyone,
In July 2020, vulnerabilities that allowed for remote code execution
were discovered within the Score extension [0], which primarily uses
LilyPond [1] to provide musical scores on-wiki. Futher investgation
found more vulnerabilities within LilyPond and firejail.
We are now publishing a security advisory for the Score extension with
information about the discovered vulnerabilities and information
regarding how to secure Score using Shellbox [3]. Please refer to that
for information on how to set up the Score extension in a secure manner.
Thanks,
[0] https://www.mediawiki.org/wiki/Extension:Score
[1] https://lilypond.org/
[2] https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory