The KDE neon team has discovered that the package archive server for KDE neon had a security hole which could have let attackers upload their own packages to the KDE software repository. While there is no evidence of malicious activity, the project is suggesting users either upgrade the packages on their system or, for extra protection, re-install the KDE neon operating system. "Anyone discovering the insecure archive server could have uploaded packages to it which would be installed and run on computers running KDE neon. We do not believe this has happened but would welcome reports of any problems. This does not impact KDE software distributed by any other means, i.e. other distributions or the source tarballs." The project's security advisory has more information.