On Fri, Jan 9, 2015 at 7:26 PM, Niranjan Rao <nhrdls@gmail.com> wrote:<br>
<blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">Greetings,
Right now we are on 2.2.6 version and we are thinking of upgrading. Most interesting stuff for us is POODLE vulnerability fix.</div></blockquote><div><br></div><div>You can mitigate POODLE without any update by setting an environment variable before launching the browser:</div><div><br></div><div>export G_TLS_GNUTLS_PRIORITY=NORMAL:%COMPAT:%LATEST_RECORD_VERSION:-VERS-SSL3.0</div><div><br></div><div>If you upgrade to 2.4.8 and use the WebKit2 API, you won't need to do that anymore, but if you use the WebKit1 API, you must still do that for yourself. For WebKit1 applications, consider setting it with setenv() on the very first line of main(). See [1] for more info on this.</div><br><blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">The site mentions three versions 2.4.8/2.7.3/2.6.4. Which version should be use?</div></blockquote><div><br></div><div>2.7.3 is the unstable version. You don't want that. The odd second digit indicates that it's unstable, even indicates stable.</div><div><br></div><div>2.6.4 is the latest stable version, but 2.4.8 is the last version with the WebKit1 API. If your application uses WebKit1, you need to stick with 2.4.x until you have updated it to use the WebKit2 API. 2.6.x and 2.4.x are parallel-installable for this reason.</div><br><blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">We have a custom extension working for version 2.2.6. Should be expect any surprises for the extension if we upgrade to newer version?</div></blockquote><div><br></div><div>2.2.x -> 2.4.x should be easy and relatively safe (there will be the usual mix of bugfixes and new bugs). Both of these versions include both the WebKit1 and WebKit2 API, to make it easier to transition. Then you can upgrade to 2.6.x once your app has been ported to WebKit2 (if it hasn't been already).</div><div><br></div><blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">Right now we are on Ubuntu 12.04. We did compile/install all the required dependencies needed for 2.2.6 that were not part of standard Ubuntu repositories - mostly newer versions of libraries. Will latest code run Ubuntu 12.04 if we manage to install dependencies?</div></blockquote><br><div>If you can install all the dependencies, then it will probably work fine. Good luck.</div><div><br></div><div>Michael</div><div><br></div><div>[1] <a href="https://lists.webkit.org/pipermail/webkit-gtk/2014-October/002110.html">https://lists.webkit.org/pipermail/webkit-gtk/2014-October/002110.html</a></div>