New minor releases of webkit2gtk are made approximately monthly to fix
high-impact bugs and security vulnerabilities. New major releases are
made every six months (next one is mid-March). Similar to Firefox
and Chromium, it's not really feasible to separate the security fixes
from other changes. Basically, only one major release series is
supported at a time (sometimes, there will be a final security fix for
the old series shortly after the first release of the new series, but
For Debian 9, webkit2gtk is still excluded from normal security
support and therefore the Debian Security Team is unwilling to accept
webkit2gtk updates via stretch-security to avoid confusing our users.
The latest major release webkit2gtk 2.18 was released in September. I
am unaware of any remaining regressions in the new series. There was
one Ubuntu-specific package that needed to be updated for 2.18. See
https://launchpad.net/bugs/1712047 for more details.
Generally, all the major distros have updated to 2.18 and there has
been plenty of time for regressions to be noticed.
This update will fix all current stretch vulnerabilities listed at
Detailed Commit Log and Diff
It's not really useful to provide a detailed diff or log for the
upstream changes. For instance, Ubuntu's diff for the the 2.16.6 to
2.18.0 upgrade is 10 MB.
debdiff gave me a 71MB file.
webkit2gtk 2.18.6 is available in Debian unstable, testing and
stretch-backports. It has built successfully on all release
architectures. (mips64el is still building on stretch-backports)
Proposed Stretch Update
I am proposing a straight backport from Buster to Stretch. I am
attaching a diff of the debian/ directory.
Description: Binary data