Explore top 10 tips to secure your open-source projects now. Read More
×
Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering issues. Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712,. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3bc4b3ccb3 2026-07-12 01:10:38.798641+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.5 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering issues. Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712, CVE-2026-43713, CVE-2026-43715, CVE-2026-43716, CVE-2026-43720, CVE-2026-43721, CVE-2026-43725, CVE-2026-43726, CVE-2026-43727, CVE-2026-43731, CVE-2026-43732, CVE-2026-43734, CVE-2026-43740, CVE-2026-43742, CVE-2026-43745 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Michael Catanzaro - 2.52.5-1 - Update to 2.52.5 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3bc4b3ccb3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the FedoraProject GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1557aaef26 2026-06-20 01:06:42.654447+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 43 Version : 2.52.4 Release : 1.fc43 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes. Fix playback of certain YouTube videos with low frame rates. Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. Fix several crashes and rendering issues. Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Michael Catanzaro - 2.52.4-1 - Update to 2.52.4 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1557aaef26' at the command line. For more information, refer to thednf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a63aad0224 2026-06-06 01:02:02.289325+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.4 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes. Fix playback of certain YouTube videos with low frame rates. Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. Fix several crashes and rendering issues. Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 2 2026 Michael Catanzaro - 2.52.4-1 - Update to 2.52.4 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a63aad0224' at the command line. For more information, refer to thednf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a63aad0224 2026-06-06 01:02:02.289325+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.4 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes. Fix playback of certain YouTube videos with low frame rates. Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. Fix several crashes and rendering issues. Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 2 2026 Michael Catanzaro - 2.52.4-1 - Update to 2.52.4 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a63aad0224' at the command line. For more information, refer to thednf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Several security issues were fixed in WebKitGTK.. ========================================================================== Ubuntu Security Notice USN-8237-1 May 06, 2026 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Several security issues were fixed in WebKitGTK. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libjavascriptcoregtk-4.1-0 2.52.3-0ubuntu0.26.04.2 libjavascriptcoregtk-6.0-1 2.52.3-0ubuntu0.26.04.2 libwebkit2gtk-4.1-0 2.52.3-0ubuntu0.26.04.2 libwebkitgtk-6.0-4 2.52.3-0ubuntu0.26.04.2 Ubuntu 25.10 libjavascriptcoregtk-4.1-0 2.52.3-0ubuntu0.25.10.1 libjavascriptcoregtk-6.0-1 2.52.3-0ubuntu0.25.10.1 libwebkit2gtk-4.1-0 2.52.3-0ubuntu0.25.10.1 libwebkitgtk-6.0-4 2.52.3-0ubuntu0.25.10.1 Ubuntu 24.04 LTS libjavascriptcoregtk-4.1-0 2.52.3-0ubuntu0.24.04.1 libjavascriptcoregtk-6.0-1 2.52.3-0ubuntu0.24.04.1 libwebkit2gtk-4.1-0 2.52.3-0ubuntu0.24.04.1 libwebkitgtk-6.0-4 2.52.3-0ubuntu0.24.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8237-1 CVE-2025-43213, CVE-2025-43214,CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20643, CVE-2026-20644, CVE-2026-20652, CVE-2026-20664, CVE-2026-20665, CVE-2026-20676, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28861, CVE-2026-28871 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.52.3-0ubuntu0.26.04.2 https://launchpad.net/ubuntu/+source/webkit2gtk/2.52.3-0ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.52.3-0ubuntu0.24.04.1 . Fix multiple security issues in WebKitGTK impacting Ubuntu. Key updates and fix guidance available now.. WebKitGTK security Ubuntu updates exploits. . Severity: Important. LinuxSecurity.com Team
Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-36594550b0 2026-04-14 01:07:38.489371+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 42 Version : 2.52.1 Release : 1.fc42 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not. Improved composition scheduling to avoid blocking waiting for tile painting. Improved performance of accelerated 2D canvas by recording operations for batched replay. Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread. Enabled dynamic MSAA for accelerated 2D canvas rendering. Improved text rendering performance Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out. Added support for the Audio Output Devices API. Added API to handle WebXR permission requests. Added API to query the immersive session status. Added initial API for web extensions. Additional changes from 2.52.0 to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSessionicon for iheart.com not being displayed. Fix several crashes and rendering issues. Translation updates: Georgian. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 28 2026 Michael Catanzaro - 2.52.1-1 - Update to 2.52.1 * Sat Mar 21 2026 Michael Catanzaro - 2.52.0-1 - Update to 2.52.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449069 [ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449073 [ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449086 [ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449089 [ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449092 [ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449095 [ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449098 [ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449102 [ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449105 [ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449108 [ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449111 [ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+ https://bugzilla.redhat.com/show_bug.cgi?id=2450634 [ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453064 [ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453067 [ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453070 [ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453073 [ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453076 [ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453079 [ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453082 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-36594550b0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-431948187d 2026-04-14 00:58:48.183190+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 43 Version : 2.52.1 Release : 1.fc43 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not. Improved composition scheduling to avoid blocking waiting for tile painting. Improved performance of accelerated 2D canvas by recording operations for batched replay. Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread. Enabled dynamic MSAA for accelerated 2D canvas rendering. Improved text rendering performance Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out. Added support for the Audio Output Devices API. Added API to handle WebXR permission requests. Added API to query the immersive session status. Added initial API for web extensions. Additional changes from 2.52.0 to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSessionicon for iheart.com not being displayed. Fix several crashes and rendering issues. Translation updates: Georgian. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 28 2026 Michael Catanzaro - 2.52.1-1 - Update to 2.52.1 * Sat Mar 21 2026 Michael Catanzaro - 2.52.0-1 - Update to 2.52.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449069 [ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449073 [ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449086 [ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449089 [ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449092 [ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449095 [ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449098 [ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449102 [ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449105 [ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449108 [ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449111 [ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+ https://bugzilla.redhat.com/show_bug.cgi?id=2450634 [ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453064 [ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453067 [ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453070 [ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453073 [ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453076 [ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453079 [ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453082 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-431948187d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSession icon for iheart.com not being displayed.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f00460a7d9 2026-03-31 00:16:35.926192+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.1 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSession icon for iheart.com not being displayed. Fix several crashes and rendering issues. Translation updates: Georgian. Update to 2.52.0: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not. Improved composition scheduling to avoid blocking waiting for tile painting. Improved performance of accelerated 2D canvas by recording operations for batched replay. Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread. Enabled dynamic MSAA for accelerated 2D canvas rendering. Improved text rendering performance Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out. Added support for the Audio Output Devices API. Added API to handle WebXR permission requests. Added API to query theimmersive session status. Added initial API for web extensions. 2.51.93: Make text look like in other browsers by blending in linear color space. Avoid composition for non visible layers with running animations. Fix several crashes and rendering issues. 2.51.92: Fix PDF rendering broken by the accelerated 2D canvas performance improvements. Fix flickering while scrolling in some edge cases. Support for rotation and mirroring in internal WebCodecs encoder. System fallback font selection no longer takes style into account. Fix several crashes and rendering issues. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 28 2026 Michael Catanzaro - 2.52.1-1 - Update to 2.52.1 * Wed Mar 25 2026 Jan Grulich - 2.52.0-4 - Add configuration for release-monitoring * Tue Mar 24 2026 Michael Catanzaro - 2.52.0-3 - Remove Unicode-TOU from license list * Tue Mar 24 2026 Michael Catanzaro - 2.52.0-2 - Correct license of m4sugar.m4 * Sat Mar 21 2026 Michael Catanzaro - 2.52.0-1 - Update to 2.52.0 * Fri Mar 6 2026 Michael Catanzaro - 2.51.93-1 - Update to 2.51.93 * Sun Mar 1 2026 Michael Catanzaro - 2.51.92-1 - Update to 2.51.92 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449069 [ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449073 [ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449086 [ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to anunexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449089 [ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449092 [ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449095 [ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449098 [ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449102 [ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449105 [ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449108 [ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449111 [ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+ https://bugzilla.redhat.com/show_bug.cgi?id=2450634 [ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453064 [ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453067 [ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453070 [ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453073 [ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453076 [ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453079 [ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453082 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f00460a7d9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.