Created attachment 189994 [details] Macro Security dialog The default Macro Security level setting is High and its description is saying: Only signed macros from trusted sources are allowed to run. Unsigned macros are disabled. Its accessible description is: Trusted sources can be set on the Trusted Sources tab page. Only signed macros from a trusted source are allowed to run. In addition, any macro from a trusted file location is allowed to run. When examining the source code: https://cgit.freedesktop.org/libreoffice/core/tree/sfx2/source/doc/docmacromode.cxx#n112 (here the High level of UI equals case 2: MacroExecMode::FROM_LIST_AND_SIGNED_WARN ) and compare to API documentation: https://api.libreoffice.org/docs/idl/ref/namespacecom_1_1sun_1_1star_1_1document_1_1MacroExecMode.html#a9e462e84a6c5dc09a3cc57f90b51c548 "Execute only macros from secure list or macros that are signed by trusted certificates. If the macro is neither in secure list nor signed it will not be executed. If the macro is signed with unknown certificate a warning will appear. The macro either will not be executed or if the warning allows conformation, it will be executed after user agrees." It can be seen that the short description is incorrect: it should mention that macros from Trusted Sources OR signed macros will be executed. Proposal is to change the short text to: "Only signed macros and macros from trusted file sources are executed" and the accessible descriptions second sentence should be changed to: "Only signed macros are allowed to run." Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 0c4913e03e8427a576138601958f2dbf13b8c37b CPU threads: 8; OS: Linux 5.4; UI render: default; VCL: gtk3 Locale: hu-HU (hu_HU.UTF-8); UI: en-US Calc: threaded
Gabor Kelemen committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2fe996067fcd2086d679a4b1de441cfec7b06579 tdf#157588 Clarify meaning of High macro security level It will be available in 24.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Taichi Haradaguchi committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/095e9be9d1be7fbc7dc611aa875202a4e5837cad tdf#157588 More clarify meaning of High macro security level It will be available in 24.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Taichi Haradaguchi committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/4acd25cced4c22dd4dd4f718eb5a12f870fb93a9 tdf#157588 fix extended_tip It will be available in 24.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.