cross-posted from: https://lemm.ee/post/27699104
From the NEWS file: Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities described below.
Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.
New buffer-local variable ‘untrusted-content’. When this is non-nil, Lisp programs should treat buffer contents with extra caution.
Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, ‘untrusted-content’ should be reset to nil in the buffer.
LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable ‘org–latex-preview-when-risky’ to a non-nil value.
Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling ‘file-remote-p’.