Changeset 6ab9228f
- Timestamp:
- 04/10/2024 02:59:53 AM (3 weeks ago)
- Branches:
- trunk
- Children:
- 9ea306c
- Parents:
- bd96786
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
x/lib/qtwebengine.xml
rbd96786 r6ab9228f 34 34 </para> 35 35 36 <para> 37 This package and browsers using it may be useful if you need to use a 38 website designed for google chrome, or chromium, browsers. 39 </para> 36 <para> 37 This package and browsers using it may be useful if you need to use a 38 website designed for google chrome, or chromium, browsers. 39 </para> 40 41 <warning> 42 <para> 43 QtWebEngine uses a forked copy of chromium, and is therefore vulnerable 44 to many issues found there. The Qt developers seem to fork a newer 45 version for minor Qt versions, but because chromium moves to newer 46 versions very often, by the time the Qt developers get a forked version 47 to pass their extended tests it is always an old version and security 48 fixes from chromium (some of which have a CVE number) can take several 49 months to appear in a QtWebengine release, even if the severity has been 50 rated as Critical. 51 </para> 52 53 <para> 54 Therefore, you should be wary of using QtWebEngine in a sensitive 55 context and should always update to the next release as soon as it 56 appears in this book, even if is not flagged as a Security Update. 57 Identifying which vulnerabilities have been fixed in a particular 58 release requires pulling the appropriate 'based-NNN' branch just before 59 the previous and current releases and is often impractical. Reports of 60 fixed QTBUG items do not seem to be available and there is not any 61 documentation in the tarball for changes after the qt-5 versions. 62 </para> 63 </warning> 40 64 41 65 &lfs121_checked;
Note:
See TracChangeset
for help on using the changeset viewer.