Possibly security vulnerabilities in blender?

I originally posted this on blenderartists.org but they directed me here.

I’ve just been asked by the infrastructure team at our organisation to remove Blender from my work laptop due to ‘security vulnerabilities’.

I did a little searching and all I found the following list of vulnerabilites https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=blender The last update was on 2018-08-14 and pertains to version 2.78c so there’s nothing recent.

I keep my blender install up to date (currently using the latest release build 2.81) so I was wondering, are any of the listed vulnerabilities still outstanding in 2.81 or have these all been addressed?

Is there somewhere I can find details of how/when these vulnerabilities have been addressed or, if they’ve not been, evidence that they have been considered?

I like to use blender at lunch times and down time at work as I find it quite therapeutic. I’m hoping that, If I can put the infrastructure team’s minds at rest, maybe they won’t take away my toy!

1 Like

The vulnerabilities reported by Talos have all been fixed as far as I’m aware (T52924).

Thanks, I’ll forward this to our infrastructure team and, hopefully, they’ll allow me to keep blender :crossed_fingers: