DesktopEditors icon indicating copy to clipboard operation
DesktopEditors copied to clipboard

Published 20 hours ago verified publisher icon ONLYOFFICE

Outdated and vulnerable v8 is used

Open kxxt opened this issue 5 months ago • 2 comments

This issue is unique.

  • [X] I have used the search tool and did not find an issue describing my idea.

Your idea.

The javascript engine v8, version 8.9(used in https://github.com/ONLYOFFICE/build_tools/blob/master/scripts/core_common/modules/v8_89.py) is very outdated and vulnerable.

It should be updated to a recent version or have security patches backported.

For reference, qt5-webengine uses chromium 87 and v8 8.7 with some added security patches. The commits are available here: https://github.com/qt/qtwebengine-chromium/commits/87-based/

kxxt avatar Aug 24 '24 14:08 kxxt