Hi, I intended to update novnc in EPEL7 to version 1.3.0 from 0.5.1. I am posting this here per EPEL policy and I've also posted an issue at https://pagure.io/epel/issue/212 for discussion and the meeting agenda.
I recently took the novnc package which was orphaned and I'm trying to get it cleaned up a bit. There is currently an open CVE for version 0.5.1 in EPEL7: https://bugzilla.redhat.com/show_bug.cgi?id=1765662 The vulnerability was not fixed until 0.6.2 which already had breaking changes from 0.5.1. https://github.com/novnc/noVNC/releases/tag/v0.6.2 There are no known backports of the fixes to 0.5.x and since the fixes were during a very active time of development with many changes it would be impractical to create and maintain such backports. The releases after 0.6.2 do not cite breaking changes to libraries so I think it makes sense to update to the currently supported upstream release of 1.3.0. The total breaking changes cited in changelogs between 0.5.1 and 1.3.0 are as follows: - 0.6.1: Warning: this release removes support for legacy browsers, namely IE9 and below. IE10 may receive "best-effort" support. IE 11+, Edge, Firefox 31+, and Chrome 44+ continue to be supported - 0.6.1: Warning: this release includes a number of potentially breaking changes to internal libraries - 0.7.0: renamed vnc_auto.html to vnc_simple.html. We can maintain a symlink to not break this functionality (only for EL7) until its EOL in 2024. https://github.com/novnc/noVNC/issues/695#issuecomment-300999837 RedHat's solution to the issue in their OpenStack product was to rebase to 1.1 (which at the time they rebased was the latest stable release). https://access.redhat.com/errata/RHSA-2020:0754 https://bugzilla.redhat.com/show_bug.cgi?id=1484711 -- Jonathan Wright AlmaLinux Foundation Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>
_______________________________________________ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
