Comment 3 for bug 1796563

Yeah, but it's not immediately obvious if you're not familiar with imagemagick internals (I certainly didn't know what policy.xml was), and it's part of 70 lines of changes.

Given this is flat out disabling a big chunk of functionality in something frequently used as part of other programs / scripts, in an LTS release, a mention in NEWS or README or something might be an idea. Or at least a more verbose changelog entry.

Is this the recommended long-term solution to whatever the underlying vulnerability is, or is it a stop-gap until something else - I assume ghostscript - is properly patched?