Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://chaos.social/users/srslypascal/statuses/111301468778356032">srslypascal (srslypascal@chaos.social)'s status on Friday, 27-Oct-2023 18:17:05 JST</a><a href="https://chaos.social/@srslypascal" title="srslypascal@chaos.social"><img src="https://gnusocial.jp/avatar/167217-48-20231027091705.webp" width="48" height="48" alt="srslypascal" style="position: absolute; left: 0; top: 0;">srslypascal</a><div><a href="https://infosec.exchange/@adulau/110989243094591045" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@adulau">@adulau</a> </p><p>They should just get rid altogether of the liability/technical debt that is Electron.</p><p>As of signal-desktop 6.36.0, they still use Electron 25.8.4, which is affected by at least 8 different security issues according to the release notes of Electron 25.9.0 through 25.9.3.</p><p><a href="https://github.com/signalapp/Signal-Desktop/blob/v6.36.0/package.json#L275" rel="nofollow noreferrer">https://github.com/signalapp/Signal-Desktop/blob/v6.36.0/package.json#L275</a></p><p>And on top of all of these issues, there remains the issue of the disabled sandbox, which they haven't bothered to fix in over 4 years.</p><p><a href="https://github.com/signalapp/Signal-Desktop/issues/3573" rel="nofollow noreferrer">https://github.com/signalapp/Signal-Desktop/issues/3573</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2240382#notice-4411701">In conversation</a><time datetime="2023-10-27T18:17:05+09:00" title="Friday, 27-Oct-2023 18:17:05 JST">about a year ago</time> <span>from <span><a href="https://chaos.social/@srslypascal/111301468778356032" rel="external" title="Sent from chaos.social via ActivityPub">chaos.social</a></span></span><a href="https://chaos.social/@srslypascal/111301468778356032">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1721053">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
srslypascal (srslypascal@chaos.social)'s status on Friday, 27-Oct-2023 18:17:05 JSTsrslypascal
in reply to
- Alexandre Dulaunoy
@adulau
They should just get rid altogether of the liability/technical debt that is Electron.
As of signal-desktop 6.36.0, they still use Electron 25.8.4, which is affected by at least 8 different security issues according to the release notes of Electron 25.9.0 through 25.9.3.
https://github.com/signalapp/Signal-Desktop/blob/v6.36.0/package.json#L275
And on top of all of these issues, there remains the issue of the disabled sandbox, which they haven't bothered to fix in over 4 years.
https://github.com/signalapp/Signal-Desktop/issues/3573
In conversationabout a year ago from chaos.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice