Bugfix release 2.2.0.1This is a bugfix release for official stable release 2.2.0.
It fixes a minor vulnerability (CVE-2023-30259) with a mature shapelib contained in our codebase.
The vulnerability addresses only the plugin Importshp, which is used to import shape files (SHP/SHX/DBF).
Shape files are used in surveying and so do not affect the most users.
As this is probably not a widely used plugin, the fix was just to remove the plugin.
If you are a surveyor and need the shape file support, it is safe to stay with 2.2.0 version, as long as you know the origin of the used shape files.
The vulnerability is an out-of-bounds read, what means, if a malformed shape file is imported, the application can crash.
With some efforts an attacker possibly can create a shape file, which can lead to unintended code execution and seize your computer.
But this is a worst case scenario, which I would rate as extremely low to occur.