Papers 48.10
----------------

* Bug fixes:
  - escape link arguments before spawning a new process (related to CVE-2026-46529 of Evince)