This talk provides an update on recent & upcoming improvements in LibreOffice, for an even safer operation.\n\nAs an office suite with a lot of functionality, as well as lots of ways to throw 'active content' aka macros at it, LibreOffice, just like its commercial brethren, provides a rather large attack surface.\n\nTo mitigate that, the German Federal Agency for Computer Security (BSI) has published a best practice handbook for secure deployments of LibreOffice, as well as funded a number of additional improvements. This talk will showcase the most important ones, as well as provide suggestions for further development and security-hardened deployments:\n\n* fully automatic background updates under Windows\n* bulk disabling of active content\n* non-overridable admin configurations for all of LibreOffice\n* better password security, including much-improved ODF document encryption\n* disabling and removal of unsafe network protocols\n\nAlongside of the above, the talk will suggest a number of additional best practices - for deploying LibreOffice configured as securely as possible.\nabout this event: https://chemnitzer.linux-tage.de/2024/de/programm/beitrag/311