| 1 |
On 06/05/2017 07:06 AM, Kent Fredric wrote: |
| 2 |
> On Mon, 05 Jun 2017 09:11:27 +0200 |
| 3 |
> Hans de Graaff <graaff@g.o> wrote: |
| 4 |
> |
| 5 |
>> # Hans de Graaff <graaff@g.o> (05 Jun 2017) |
| 6 |
>> # Bundles obsolete and vulnerable webkit version. |
| 7 |
>> # Upstream has stopped development and recommends using |
| 8 |
>> # headless mode in >=www-client/chromium-59. |
| 9 |
>> # Masked for removal in 30 days. Bug #589994. |
| 10 |
>> www-client/phantomjs |
| 11 |
> |
| 12 |
> Can phantomjs be simply masked for a longer period until the development |
| 13 |
> world has had an opportunity to catch up? |
| 14 |
> |
| 15 |
|
| 16 |
The real reason for the mask is that it bundles an ancient version of |
| 17 |
qtwebkit with a ton of known security vulnerabilities. Hans was |
| 18 |
attempting to fix it, but now that upstream is dead, it will remain |
| 19 |
insecure forever. |
Archives