Not an issue [Re: JavaFX, WebView and the WebP vulnerability]

Gregor Schmid gschmidj at qfs.de
Wed Oct 18 12:54:25 UTC 2023 

I apologize for not testing this earlier.

Safari supports WebP images, so I naively assumed this to be a generic
feature of WebKit.

As it turns out, this it not the case. The WebView component in JavaFX
does not support WebP so I assume that JavaFX was never affected by
the WebP vulnerability.

Best regards,
    Greg

Gregor Schmid <gschmidj at qfs.de> writes:

> Hi Johan and all,
>
> WebP vulnerabilty: https://nvd.nist.gov/vuln/detail/CVE-2023-4863
>
> I guess we're not the only ones having been busy in the past weeks
> recovering from that disaster, updating the WebP libraries in all the
> various places.
>
> What we haven't covered yet is WebView as part of JavaFX as part of
> the JRE distributed with QF-Test. As I haven't seen anything on this
> list, my questions are:
>
> Is WebView affected? Given that WebKit supports WebP I would assume
> yes.
>
> If so, what are the plans? I see that, for example, JavaFX 17.0.9 from
> Gluon is planned for release on October 17. Will it have a WebView
> update with a clean WebP?
>
> Thanks for any info and best regards,
>     Greg
>
> -- 
> Gregor Schmid
>
> Quality First Software GmbH
> A company of mgm technology partners
>
> Bürgermeister-Graf-Ring 10
> 82538 Geretsried
>
> Phone: +49 8171 38648-11
> Email: gregor.schmid at qfs.de | gregor.schmid at mgm-tp.com
> Web:   www.qfs.de
>
> Commercial Register: HRB München 140833
> Managing Directors: Gregor Schmid, Karlheinz Kellerer
>
> The data protection information in accordance with the EU General Data
> Protection Regulation applies to authorized representatives /
> authorized representatives of "legal persons" in accordance with Art.
> 12 ff. GDPR
> https://www.qfs.de/fileadmin/Webdata/pdf/en/dsgvo.pdf

-- 
Gregor Schmid

Quality First Software GmbH
A company of mgm technology partners

Bürgermeister-Graf-Ring 10
82538 Geretsried

Phone: +49 8171 38648-11
Email: gregor.schmid at qfs.de | gregor.schmid at mgm-tp.com
Web:   www.qfs.de

Commercial Register: HRB München 140833
Managing Directors: Gregor Schmid, Karlheinz Kellerer

The data protection information in accordance with the EU General Data
Protection Regulation applies to authorized representatives /
authorized representatives of "legal persons" in accordance with Art.
12 ff. GDPR
https://www.qfs.de/fileadmin/Webdata/pdf/en/dsgvo.pdf

More information about the openjfx-dev mailing list