Index: general.ent
===================================================================
--- general.ent (revision 2ee8145bade5e121e8fd0cae8c40e89ecadd01ef)
+++ general.ent (revision fc0828f515a51f4fcd76acb12138c1dec520f98d)
@@ -1,5 +1,5 @@
-
+
@@ -7,5 +7,5 @@
-
+
Index: introduction/welcome/changelog.xml
===================================================================
--- introduction/welcome/changelog.xml (revision 2ee8145bade5e121e8fd0cae8c40e89ecadd01ef)
+++ introduction/welcome/changelog.xml (revision fc0828f515a51f4fcd76acb12138c1dec520f98d)
@@ -43,4 +43,15 @@
-->
+ March 10th, 2021
+
+
+ [ken] - Add a caution about unpatched security vulnerabilities
+ in QtWebEngine and Falkon. Addresses
+ #14729.
+
+
+
+
+
March 8th, 2021
Index: x/lib/qtwebengine.xml
===================================================================
--- x/lib/qtwebengine.xml (revision 2ee8145bade5e121e8fd0cae8c40e89ecadd01ef)
+++ x/lib/qtwebengine.xml (revision fc0828f515a51f4fcd76acb12138c1dec520f98d)
@@ -39,4 +39,19 @@
chromium developers.
+
+
+
+ QtWebEngine uses a forked copy of chromium, and is therefore vulnerable
+ to many issues found there. The Qt developers have always preferred to
+ make releases at the same time as the rest of Qt (rather than adding
+ emergency fixes). Now that they are keen to move to Qt6, the 5.15.3 and
+ later Qt-5.15 releases are initially only available to paying customers.
+ QtWebEngine is something of an exception because of its LGPL licence,
+ but the source in git and its forked submodules is not neatly packaged.
+ Until someone is able to build this on BLFS, using this package and
+ browsers which use it leaves you open you to unpatched security
+ vulnerabilities.
+
+
&lfs101_checked;
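Review bot: The closing sentence of the added paragraph reads "leaves you open you to unpatched security vulnerabilities"; the second "you" is a slip and should be dropped. In "Until someone is able to build this on BLFS", the referent of "this" is ambiguous: it appears to mean the git source with its forked submodules mentioned in the previous sentence, and saying so explicitly would help. The paragraph also does not say how the version the book builds relates to "the 5.15.3 and later Qt-5.15 releases", so a reader cannot judge their exposure from the caution alone; a short clause stating that would make it actionable.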
Index: xsoft/graphweb/falkon.xml
===================================================================
--- xsoft/graphweb/falkon.xml (revision 2ee8145bade5e121e8fd0cae8c40e89ecadd01ef)
+++ xsoft/graphweb/falkon.xml (revision fc0828f515a51f4fcd76acb12138c1dec520f98d)
@@ -41,4 +41,18 @@
functionality).
+
+
+
+ Falkon re;lies on QtWebEngine. That uses a forked copy of chromium, and
+ is therefore vulnerable to many issues found there. The Qt developers
+ have always preferred to make releases at the same time as the rest of Qt
+ (rather than adding emergency fixes). Now that they are keen to move to
+ Qt6, the 5.15.3 and later Qt-5.15 releases are initially only available
+ to paying customers. QtWebEngine is something of an exception because of
+ its LGPL licence, but the source in git and its forked submodules is not
+ neatly packaged. Until someone is able to build this on BLFS, using
+ falkon leaves you open you to unpatched security vulnerabilities.
+
+
&lfs101_checked;
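Review bot: "re;lies" in the first added sentence is a typo for "relies", and the last sentence repeats the "leaves you open you to" slip from the QtWebEngine caution. The second sentence opens with "That uses a forked copy of chromium", which reads more clearly with the subject named, for example "QtWebEngine uses a forked copy of chromium". The rest of the paragraph duplicates the text added to x/lib/qtwebengine.xml almost word for word; consider having the Falkon page state the dependency and point to the QtWebEngine caution, so the two copies cannot drift apart when the situation changes.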