On Wed, Mar 22, 2023 at 7:01 PM Michael Catanzaro <mcatanz...@redhat.com> wrote:
> On Wed, Mar 22 2023 at 11:26:56 AM +0200, Adrian Perez de Castro > <ape...@igalia.com> wrote: > > Recently advisories published by Apple include the Bugzilla issue > > numbers > > (e.g. [1]), so with some work you can find out which commits > > correspond to > > the fixes. > > It finally occurs to me that since Apple now publishes the bug > information, we could start publishing revision information. We'd want > to fix [1] first. > Hi Adrián and Michael, Thanks. I'll try to do more search for the existing CVEs. > > WebKitGTK 2.38.x is backwards compatible with 2.36.x, you can safely > > update > > without needing to change applications. In general, we always keep > > the API and > > ABI backwards compatible. > > For avoidance of doubt, WebKitGTK 2.40.x is backwards-compatible as > well and that will remain true indefinitely, as long as you continue to > build the same API version [2]. Adrian might be planning one last > 2.38.x release, but it's really time to move on to 2.40. > > On rare occasions, an upgrade might affect the behavior of particular > API functionality within the same API version, but this is unusual and > is avoided whenever possible. I don't think any APIs broke between 2.36 > and 2.40, so that shouldn't be a problem for you this time. The goal is > for upgrades to be as safe as possible. > Great. Your comments will be powerful evidence to upgrade webkitgtk on Yocto lts release. Thanks a lot. Kai > Michael > > [1] https://bugs.webkit.org/show_bug.cgi?id=249672 > [2] > > https://blogs.gnome.org/mcatanzaro/2023/03/21/webkitgtk-api-for-gtk-4-is-now-stable/ > > >
_______________________________________________ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk