[webkit-gtk] How to fix CVEs of webkitgtk 2.36.x
kai.7.kang at gmail.com
Sun Mar 26 23:17:19 PDT 2023
On Wed, Mar 22, 2023 at 7:01 PM Michael Catanzaro <mcatanzaro at redhat.com> wrote:
> On Wed, Mar 22 2023 at 11:26:56 AM +0200, Adrian Perez de Castro
> <aperez at igalia.com> wrote:
> > Recent advisories published by Apple include the Bugzilla issue numbers
> > (e.g. ), so with some work you can find out which commits correspond to
> > the fixes.
> It finally occurs to me that since Apple now publishes the bug
> information, we could start publishing revision information. We'd want
> to fix  first.
Hi Adrián and Michael,
Thanks. I'll try to do more searching for the existing CVEs.
> > WebKitGTK 2.38.x is backwards compatible with 2.36.x, you can safely update
> > without needing to change applications. In general, we always keep the API and
> > ABI backwards compatible.
> For avoidance of doubt, WebKitGTK 2.40.x is backwards-compatible as
> well and that will remain true indefinitely, as long as you continue to
> build the same API version . Adrian might be planning one last
> 2.38.x release, but it's really time to move on to 2.40.
> On rare occasions, an upgrade might affect the behavior of particular
> API functionality within the same API version, but this is unusual and
> is avoided whenever possible. I don't think any APIs broke between 2.36
> and 2.40, so that shouldn't be a problem for you this time. The goal is
> for upgrades to be as safe as possible.
Great. Your comments will be powerful evidence to upgrade webkitgtk on
the Yocto LTS release.
Thanks a lot.
>  https://bugs.webkit.org/show_bug.cgi?id=249672