From the KODI DEV TEAM: A minor bug fix and security release v17.3
Sorry for this quick bump to v17.3 however we deemed it necessary. In the previous v17.2 we had a slight issue due to packaging certain binary add-ons like PVR, visualisation and Inputstream. Sadly we only uncovered this too late after release. Additionally on the older distros like Ubuntu 14.04 in combination with the available GCC 4.8 compiler an issue surfaced which we had to fix as well. This v17.3 release fixed both these issues and should be completely working again including the missing add-ons.
Fixes done in this release:
- Fixed missing binary add-ons on release time
- Fixed crash on older distros like Ubuntu 14.04 with GCC 4.8 compiler
From previous v17.2 release:
- Fix selection after channelgroup switching in PVR guide window
- Fix handling of gaps that caused eradic behaviour in EPG grid
- Allow backing out of fullscreen pictures by mapping longpress guesture
- Quick fix for wake up command not being called in PVR power management
- Use alternative method to check if platform updates have been installed on Windows
- Set the minimum version in the code which is currently OSX 10.8
- Fix possible security flaw which could abused .zip files which try to traverse to a parent directory
- Use the correct ttc font from the video file for subtitles on Windows
- Detect and delete zero-byte database files which causes crashes
You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contacted us up front to let us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms.
To be clear this possible vulnerability is only present when you first enable a subtitle download add-on and then actually download zipped subtitles. Any subtitles that you already have as text file, are embedded in the video stream or are included with you DVD or Blurays are safe.