On 7/10/23 13:16, Demi Marie Obenour wrote:
On 7/10/23 02:30, Vitaly Zaitsev via devel wrote:
On 10/07/2023 02:49, Demi Marie Obenour wrote:
QtWebEngine (used by Falkon) was a
month or more behind upstream Chromium last I checked.
Qt5QtWebEngine is an extremely vulnerable thing. It still uses Chromium
87.0[1].
Current Chromium version: 105.0.
[1]: https://wiki.qt.io/QtWebEngine/ChromiumVersions
In that case it should be removed from the distribution. Can KDE
mail clients be built without QtWebEngine? This would disable
HTML email support, but plain text mail might still work.
The problem isn't QtWebEngine, the latest Qt 6.X is using 108 according
to the link above.
The problem seems to be that not everything has moved to the 6.x branch yet.
https://iskdeusingqt6.org/
More generally, WebKit is the only major browser engine with
upstream support for being embedded, so it is the only embedded
browser engine that is supportable security-wise. Unfortunately,
it is also the least secure of the major browser engines on Linux
last I checked, and in particular is far behind Chromium.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue