security related information, CVE-2019-9854, CVE-2019-9855
td;dr: Upgrade to 6.2.7 or 6.3.1
CVE-2019-9854 Unsafe URL assembly flaw in allowed script location check
Protection was added to address CVE-2019-9852, to avoid a directory
traversal attack where scripts in arbitrary locations on the file
system could be executed by employing a URL encoding attack to defeat
the path verification step.
However this protection could be bypassed by taking advantage of a flaw
in how LibreOffice assembled the final script URL location directly
from components of the passed in path as opposed to solely from the
sanitized output of the path verification step.
When the execution of LibreLogo from scripts was blocked we didn't take
into account that, under Windows, file names longer than eight
characters can be addressed via a compatibility 8.3 filename which