In July 2020, vulnerabilities that allowed for remote code execution
were discovered within the Score extension , which primarily uses
LilyPond  to provide musical scores on-wiki. Futher investgation
found more vulnerabilities within LilyPond and firejail.
We are now publishing a security advisory for the Score extension with
information about the discovered vulnerabilities and information
regarding how to secure Score using Shellbox . Please refer to that
for information on how to set up the Score extension in a secure manner.