LibreOffice

Free, open-source office suite. No account, no cloud, no tracking. Runs offline.

Open source

Strong

https://www.libreoffice.org · Reviewed 2026-04-03 · Editorial assessment by Mike Schneider — based on public security research and audits

What should journalists know about LibreOffice?

LibreOffice is the default recommendation for journalists who need an office suite and want to pay nothing while collecting zero telemetry. Writer, Calc, Impress, and Draw cover word processing, spreadsheets, presentations, and vector graphics. The software processes everything locally. No account required. No data leaves your machine. The Document Foundation, a German nonprofit established in 2010, stewards LibreOffice. TDF forked from OpenOffice.org after Oracle's acquisition made the community's future uncertain. That independence has been tested. In June 2025, TDF's board expelled over 30 developers employed by Collabora and allotropia — the two companies responsible for roughly 80% of all commits to the codebase, including seven of LibreOffice's all-time top ten core committers. The stated rationale was conflicts of interest between commercial employment and Foundation membership. Collabora responded that it would continue contributing "where that makes sense" but would stop investing heavily in building TDF's community. This governance crisis is the biggest risk to LibreOffice's future. The software works well today. Whether it continues to receive the same quality of maintenance depends on resolving the rift between the nonprofit and the companies whose engineers actually write the code. As of early 2026, Collabora launched Collabora Office Desktop as a competing product, and TDF announced it would resume developing LibreOffice Online. On security: LibreOffice has had notable CVEs. CVE-2025-1080 exposed users to remote code execution through manipulated macro URLs — patched in March 2025. CVE-2025-2866 allowed PDF signature spoofing. CVE-2025-14714 was a macOS-specific authentication bypass where LibreOffice's bundled Python inherited TCC permissions. All were patched. Keep LibreOffice updated. Disable macros from untrusted sources. The ODF 1.4 standard was approved by OASIS Open in December 2025 — LibreOffice's default format. ODF is an open, vendor-neutral document format. For long-term document preservation and interoperability, it beats proprietary formats. Microsoft Office compatibility is good but not perfect. Complex formatting, VBA macros, and advanced Excel features can break on import. For collaborative work with Microsoft-dependent colleagues, expect friction.

Best for

Offline document editing, working with ODF files, budget-zero newsrooms, environments with restricted internet access, long-term document archiving in open formats, basic spreadsheet analysis.

Not for

Real-time collaborative editing (Google Docs is better). Heavy VBA macro workflows (stay with Excel). Newsrooms deeply embedded in Microsoft 365 ecosystems where compatibility friction would slow production. Advanced desktop publishing (use InDesign or Scribus).

Security & Privacy

Encryption in transit Yes

Data is scrambled while being sent to their servers

Encryption at rest Yes

Data is scrambled when stored on their servers

Data jurisdiction All local. LibreOffice processes everything on your machine. No cloud component. No telemetry. No data leaves your device unless you explicitly export or share files.

Where servers are located — affects which governments can request your data

Security rating Strong

LibreOffice collects no personal data, no usage metrics, and no diagnostic information. Fully GDPR-compliant by design — there is nothing to comply with because nothing is collected. No account required. No network connections made during normal use. Update checks can be disabled entirely.

How to protect yourself:

Download only from libreoffice.org — avoid third-party repackagers. Keep updated for security patches (CVE-2025-1080, CVE-2025-2866, CVE-2025-14714 all required updates). Set macro security to High or Very High in Tools > Options > Security > Macro Security. Never enable macros in documents from unknown sources. Use version 25.2.4 or later to avoid the macOS authentication bypass. For sensitive documents, LibreOffice supports ODF encryption with AES-256.

All processing is local. No telemetry, no cloud, no account required. Zero data collection by design. ODF encryption supports AES-256. The main security concern is keeping the software updated — several critical CVEs were patched in 2025 (remote code execution, PDF signature spoofing, macOS privilege escalation). Macro security should be set to High. The governance crisis does not affect the current software's security, but it raises questions about the pace of future security patches if core contributors reduce their involvement.

Who Owns This

Owner The Document Foundation (TDF), a German nonprofit (gemeinnützige Stiftung) established in 2010. Headquartered in Berlin. Board-governed with elected membership. Current governance under strain after June 2025 developer expulsions.

Funding Donations, corporate sponsorships, and ecosystem certification fees. TDF's 2024 annual report emphasized end-user privacy as a core mission. No venture capital. No advertising. The Foundation funds one site reliability engineer and infrastructure costs.

Business model LibreOffice is free. TDF certifies commercial support providers (Collabora, allotropia, CIB) who sell enterprise support, training, and hosted LibreOffice deployments. TDF earns certification fees. No direct monetization of the desktop product.

Known issues

Governance crisis (June 2025): TDF expelled 30+ developers from Collabora and allotropia — roughly 80% of the codebase's active contributors. The rift centers on whether employees of commercial LibreOffice companies can serve as independent Foundation members. The expelled developers include most of LibreOffice's top committers. Long-term maintenance quality depends on resolving this. Security vulnerabilities: CVE-2025-1080 (remote code execution via macro URLs, critical, patched March 2025). CVE-2025-2866 (PDF signature spoofing, patched). CVE-2025-14714 (macOS TCC permission bypass via bundled Python, patched in 25.2.4). CVE-2025-0514 (additional vulnerability, patched). Users must stay current on updates. Microsoft Office compatibility: Complex .docx formatting, pivot tables, VBA macros, and conditional formatting can break or degrade on import. Not a drop-in replacement for advanced Microsoft 365 workflows. No real-time collaboration: LibreOffice Online development was paused for years while Collabora built the commercial Collabora Online. TDF announced it would resume LibreOffice Online development in early 2026, but the product is not yet mature. Competing forks: Collabora Office Desktop (November 2025) competes directly with the desktop LibreOffice product, fragmenting the ecosystem.

Pricing

Free and open-source (Mozilla Public License 2.0). No subscription, no account, no upsells. Enterprise support available from certified partners like Collabora.

This is an editorial assessment based on publicly available information as of 2026-04-03, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.

Something wrong or outdated? Report it.