It’s another busy edition of In-Process this week with releases and news to share, so let’s dive in:
I know we’ve had a few of these this time around, but we do take security issues seriously. Even though each of these required a specific set of circumstances, we didn’t want anyone exposed. We encourage all users to download NVDA 2021.3.5 if you have not already done so. As we’ve previously noted, we encourage anyone to Responsibly Disclose any potential security issues.
*Please consider the environment and opt not to print In-Process
NVDA 2022.1 Beta 3
We’re powering along towards NVDA 2022.1. We have released another beta – NVDA 2022.1 Beta 3. This beta includes the security fix from NVDA 2021.3.5. It also includes some updated translations.
Please note, if your favourite language has not yet been updated for 2022.1, it is likely still on the way. We have not yet hit the translation string freeze. So we’re still accepting updated translations.
We reported last issue around the best way to responsibly disclose security issues to us. We are now pleased to share that we have formalised that advice into a security policy.
This security policy is also available before creating a new issue on GitHub. In short, we ask that anyone who discovers a potential security issue, to please let us know at firstname.lastname@example.org. Responsible Disclosure is also known as Coordinated Vulnerability Disclosure. This process ensures that even in an open source project, such as NVDA, details of potential vulnerabilities are not made public before a fix is available to most users.
Finally, a very Happy Easter to all our Christian friends, Happy Passover to our Jewish friends, and Ramadan Mubarak to our Islamic friends. A few of the team are taking a couple of days off at this time. If you do need to contact us for anything, please do be patient, and we’ll get back to you as soon as possible.