You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Our security scan complains about two things:
runtimes/win-x64/native/av_libglesv2.dll uses zlib.dll of version 1.2.11, recommended is 1.3.1
runtimes/win-x64/native/libSkiaSharp.dll uses libjpeg-turbo.dll of version 2.1.5, recommended is 3.0.0.
Yes, you do not distribute these dlls :) But the security scan still complains.
Describe the solution you'd like
May I ask you to update av_libglesv2.dll and ibSkiaSharp.dll to the latest versions in one of your upcoming releases? Hopefully, their vendors have already addressed the issues and use the newest zlib and libjpeg-turbo.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered:
SkiaSharp's update of libjpeg-turbo is blocked by a potential upstream bug: mono/SkiaSharp#2667 (comment) . The comment includes some details and how the vulnerable feature isn't actually part of the SkiaSharp build.
Avalonia does ship its own ANGLE lib which seems to be on zlib 1.2.13. The current upstream main is on 1.3.0.1, so even if it's updated on Avalonia's end, it won't be 1.3.1.
Is your feature request related to a problem? Please describe.
Our security scan complains about two things:
Yes, you do not distribute these dlls :) But the security scan still complains.
Describe the solution you'd like
May I ask you to update av_libglesv2.dll and ibSkiaSharp.dll to the latest versions in one of your upcoming releases? Hopefully, their vendors have already addressed the issues and use the newest zlib and libjpeg-turbo.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: