Reminder regarding WebKitGTK+ updates



Hi distributors,

I want to remind you that you must regularly update your WebKit
packages when updates are released upstream. WebKitGTK+ 2.12.4 should
be in your updates-testing repositories already for all supported
distributions. WebKitGTK+ 2.12.3 should have been released to your
stable repositories several months ago. So far, very few distributions
have prepared these updates as required.

Failure to update WebKit is *unethical* as it puts your users at risk
of various security vulnerabilities, including remote code execution.
If you do not wish to provide WebKit updates to your users, you are
urged to immediately remove WebKit and its dependencies (e.g.
gnome-shell) from your distribution.

Some distributors are under the mistaken impression that we recommend
only taking micro version updates (e.g. 2.12.x -> 2.12.y). This is
incorrect. You must always update to the latest minor version (e.g.
2.10 -> 2.12). These updates are always API and ABI stable [1]. We have
no intentions of breaking API/ABI in the future except when GTK+ does.

As always, you can find our security advisories at [2].

Michael

[1] with the exception of some undocumented DOM APIs found in the
unstable header; rebuilds may be required for Epiphany, Yelp, and
Evolution

[2] https://webkitgtk.org/security.html

