jcefmaven / jcefbuild

Builds for JCef

libwebp chromium vulnerability

laurbrb opened this issue · comments

Hello. Regarding the CVE-2023-48631 libwebp vulnerability, is it fixed in the latest build (JCEF e6b4c24 + CEF 114.2.9+g1a97a28+chromium-114.0.5735.91)?
Thanks.

It is most likely affected, because the build is relatively old. Sadly I still need to repair the pipeline, which I didn't manage to do yet. I will leave this issue open until I have a fix, so that you get notified when I had time on my agenda. Currently, this is unlikely within the next week.

It seems like the fixed version is 116.0.5845.187, but jcef currently uses 116.0.5845.141. Please consider requesting a change on the jcef repository, so I can issue a build for it.

Right, I also requested the chromium version update for the jcef repository. I will reply here when it is available :).
Thanks for your time.

Any chance to get a newer build? This would be very useful....

Sure, I just dispatched one. Let's hope the build is successful :)

Sadly the build for macos seems to be failing due to the download for the standard distribution not being available. I will coordinate with jcef to update from build 159 to build 199.

Also build 199 fails on macos amd64 only. For now I will leave it like this, but I will fix it in the upcoming days. The rest of the builds should be available soon :)

Can you also start a build for jcefmaven, please?

Sadly not. Else I would have to publish a release that does not support macos, which would break the paradigm of run-everywhere. I will try to fix the build for macos asap to be able to run a new jcefmaven build.

Right, I understand. I will wait for the macos build fix. Thanks!

Do you have an estimate for when you think you'll have time to fix it?

Well, the main problem is that I do not really know where the issue is. I tried about 100 different ways to install "six" already, but still the error in the build for macos remains. Six is installed on the system via brew and pip. Additionally I created a venv and installed six there. Still the error remains. I'm sadly pretty much out of ideas on how to resolve this issue.

Thank you very much for the new build! The release includes chromium 119.0.6045.199 and for this reason this new release also includes fixes for CVE-2023-6508, CVE-2023-6509, CVE-2023-6510, CVE-2023-6511 and CVE-2023-6512.

Thanks a lot!

In the meantime I tried multiple different approaches to get the build for macosx running again, but sadly to no avail. If this continues to be an issue I will apply a patch to jcef during the build process to mitigate this issue. But most likely this patch is only going to be available in the new year. Then I will also issue a new build for jcefmaven.

Now updated to 122.1.10 :)
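
The check the thread performs by hand (is the Chromium bundled in a build at or above the version a commenter names as fixed?), as an added example that is not part of the original thread or of the jcefbuild project. The function names are hypothetical, the fixed version is the one quoted in the thread and is not verified here, and `116.0.5845.91` is a constructed value.

```python
import re

# Version a commenter in the thread names as carrying the libwebp fix
# (taken from the thread as-is; confirm against Chromium release notes).
FIXED_CHROMIUM = "116.0.5845.187"

# Chromium part of a jcefbuild release string: "...+chromium-114.0.5735.91"
_TAGGED = re.compile(r"chromium-(\d+(?:\.\d+){3})\b")
_BARE = re.compile(r"\d+(?:\.\d+){3}")


def parse_version(text):
    """Return (major, minor, build, patch) from a release string or bare version."""
    m = _TAGGED.search(text)
    raw = m.group(1) if m else text.strip()
    if not _BARE.fullmatch(raw):
        # Three-part CEF/JCEF numbers such as "122.1.10" are not Chromium
        # versions and must not be compared against one.
        raise ValueError(f"no Chromium version in {text!r}")
    return tuple(int(part) for part in raw.split("."))


def includes_fix(build, fixed=FIXED_CHROMIUM):
    """True when the bundled Chromium is numerically >= the fixed version.

    Assumption: a higher version number implies the fix is present. That is
    a heuristic; a build on another branch should be checked separately.
    """
    return parse_version(build) >= parse_version(fixed)


def audit(builds):
    """Map each build string to True/False, or None if it has no Chromium version."""
    result = {}
    for build in builds:
        try:
            result[build] = includes_fix(build)
        except ValueError:
            result[build] = None
    return result


if __name__ == "__main__":
    mentioned = [  # version strings as they appear in the thread
        "JCEF e6b4c24 + CEF 114.2.9+g1a97a28+chromium-114.0.5735.91",
        "116.0.5845.141", "119.0.6045.199", "122.1.10",
    ]
    for build, ok in audit(mentioned).items():
        print(f"{build}: {'unknown' if ok is None else 'fixed' if ok else 'affected'}")
```

Comparing the parts as integers matters: as plain strings, `116.0.5845.91` sorts after `116.0.5845.187` and would be reported as fixed.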