We have just released Typst 0.14.2. We are publishing this patch release so shortly after 0.14.1 because a memory handling vulnerability was found in the WebAssembly runtime used for executing Typst plugins. Based on our investigation, this vulnerability would be very hard to exploit in practice, but an exploit could theoretically be feasible. For this reason, we highly recommend upgrading to Typst 0.14.2. This holds in particular for local users. In the web app, the bug is not critical as the browser offers an extra layer of protection. View the changelog for Typst 0.14.2 for more details.
Locally, upgrading works as usual: Via typst update, cargo, or the package manager of your choice locally. (Note that versions in package managers might take a bit of time to update.) In the web app, the patch is applied automatically.