desktop: bump electron to 26.2.1 [libwebp vulnerability CVE-2023-4863] #81738

Merged: nsakaimbo merged 3 commits into trunk from desktop/patch-libwebp-vulnerability on Sep 15, 2023

@nsakaimbo (Contributor) commented Sep 14, 2023

Description

This PR bumps the electron version in the desktop app to 26.2.1, which contains a patch for the zero-day libwebp vulnerability that was recently disclosed (link: Electron patch). The major electron version of the desktop app was already fairly up-to-date (thanks to @worldomonation), so aside from bumping Electron itself there shouldn't be much to do here. Once this PR is merged a new release of the desktop app should be issued.

More info: p3btAN-2r4-p2

To-Dos

The generated artifacts from this CI change have been manually smoke-tested on the following platforms:

  • Windows 32-bit (can be tested on a 64-bit machine)
  • Windows 64-bit
  • macOS Intel
  • macOS Apple Silicon
  • Linux (tested on an Ubuntu VM)

Full artifact build triggered in this CI run.

@nsakaimbo requested a review from a team September 14, 2023
@matticbot added the [Status] Needs Review label (The PR is ready for review. This also triggers e2e canary tests and wp-desktop tests automatically.) Sep 14, 2023

@matticbot (Contributor) commented:

This PR does not affect the size of JS and CSS bundles shipped to the user's browser.

Generated by performance advisor bot at iscalypsofastyet.com.

@nsakaimbo added the [Feature] WordPress Desktop App (Features and improvements related to the WordPress Desktop App.), Security, and [Pri] High labels Sep 14, 2023
@nsakaimbo merged commit 6a6223f into trunk Sep 15, 2023
25 of 26 checks passed
@nsakaimbo deleted the desktop/patch-libwebp-vulnerability branch September 15, 2023 18:19
@github-actions bot removed the [Status] Needs Review label Sep 15, 2023
@worldomonation mentioned this pull request Sep 23, 2023
7 tasks