My recent blog post On WebKit Security Updates has attracted some not-unexpected attention. Since I knew poorly chosen words could harm the image of the WebKit project, I prefaced that blog post with a disclaimer which I hoped few would miss: WebKitGTK+ releases regular security updates upstream. It is safe to use so long as you …
Monthly Archives: February 2016
On Subresource Certificate Validation
Ryan Castellucci has a quick read on subresource certificate validation. It is accurate; I fixed this shortly after joining Igalia. (Update: This was actually in response to a bug report from him.) Run his test to see if your browser is vulnerable. Epiphany, Xombrero, Opera Mini and Midori […] were loading subresources, such as scripts, …
On WebKit Security Updates
Linux distributions have a problem with WebKit security. Major desktop browsers push automatic security updates directly to users on a regular basis, so most users don’t have to worry about security updates. But Linux users are dependent on their distributions to release updates. Apple fixed over 100 vulnerabilities in WebKit last year, so getting updates …