JavaFX, WebView and the WebP vulnerability
Gregor Schmid
gschmidj at qfs.de
Thu Oct 12 15:38:38 UTC 2023
Hi Johan and all,
WebP vulnerabilty: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
I guess we're not the only ones having been busy in the past weeks
recovering from that disaster, updating the WebP libraries in all the
various places.
What we haven't covered yet is WebView as part of JavaFX as part of
the JRE distributed with QF-Test. As I haven't seen anything on this
list, my questions are:
Is WebView affected? Given that WebKit supports WebP I would assume
yes.
If so, what are the plans? I see that, for example, JavaFX 17.0.9 from
Gluon is planned for release on October 17. Will it have a WebView
update with a clean WebP?
Thanks for any info and best regards,
Greg
--
Gregor Schmid
Quality First Software GmbH
A company of mgm technology partners
Bürgermeister-Graf-Ring 10
82538 Geretsried
Phone: +49 8171 38648-11
Email: gregor.schmid at qfs.de | gregor.schmid at mgm-tp.com
Web: www.qfs.de
Commercial Register: HRB München 140833
Managing Directors: Gregor Schmid, Karlheinz Kellerer
The data protection information in accordance with the EU General Data
Protection Regulation applies to authorized representatives /
authorized representatives of "legal persons" in accordance with Art.
12 ff. GDPR
https://www.qfs.de/fileadmin/Webdata/pdf/en/dsgvo.pdf
More information about the openjfx-dev
mailing list