qtwebkit: Mark known vulnerable
The browser engine is based on an old WebKit version, receives no security backports, and makes no releases. The WebKitGTK people have counted over 500 CVEs they fixed since 2016. Marking it as known vulnerable to make people aware they're using a browser engine that is not up to today's standards and could very likely be easily compromised. Projects are recommended to migrate to qtwebengine instead. https://blogs.gnome.org/mcatanzaro/2017/02/08/an-update-on-webkit-security-updates/ https://github.com/qutebrowser/qutebrowser/issues/4039#issue-338246939 https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/
parent
890b241276
commit
a505704e8f
@ -69,5 +69,8 @@ qtModule {
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ abbradar periklis ];
|
||||
knownVulnerabilities = [
|
||||
"QtWebkit upstream is unmaintained and receives no security updates, see https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
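Review bot: The `knownVulnerabilities` string says why qtwebkit is flagged but not what to do about it, although the commit description names qtwebengine as the migration target. This string is what Nix shows when it refuses to evaluate an insecure package, so it is the text an affected user will actually read; consider `"QtWebkit upstream is unmaintained and receives no security updates; migrate to qtwebengine, see https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/"`. Packages in the tree that still depend on qtwebkit will presumably also stop evaluating by default unless the user opts in via `permittedInsecurePackages`; that is not visible in this hunk and is worth checking before merge. The enclosing `qtModule { … }` call starts outside the hunk.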