Skip to content
This repository has been archived by the owner on Oct 18, 2020. It is now read-only.

Update dependency electron to v7 [SECURITY] #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency electron to v7 [SECURITY] #27

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jul 10, 2020
edited
Loading

This PR contains the following updates:

Package Type Update Change
electron devDependencies major 4.0.4 -> 7.2.4

GitHub Vulnerability Alerts

CVE-2020-4077

Impact

Apps using both contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4076

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

Non-Impacted Versions

  • 9.0.0-beta.*

For more information

If you have any questions or comments about this advisory:

CVE-2020-4075

Impact

The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.

Workarounds

Ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-15096

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4
  • 6.1.11

For more information

If you have any questions or comments about this advisory:

Release Notes

electron/electron

v7.2.4

Compare Source

Release Notes for v7.2.4

Fixes

  • Fixed Promise timeout issue when running Electron as Node. #​23324
  • Fixed a use-after-free error that could happen if a Tray was destroyed while showing a custom context menu. #​23182
  • Fixed an issue where windows without nativeWindowOpen: true could invoke the non-native-open path. #​23224
  • Fixed memory leak when using contextBridge with sandbox=true. #​23232
  • MacOS VoiceOver is now able to find its way back into web contents after it navigated "out" of an application. #​23174

v7.2.3

Compare Source

Release Notes for v7.2.3

Fixes

  • Security: Ensure proxy object is created in the correct context a9bead2

v7.2.2

Compare Source

Release Notes for v7.2.2

Fixes

  • Fixed a potential crash on invalid zoomFactor values when setting the zoom factor of a webpage. #​22710
  • Fixed an issue with maximizable state persistence of BrowserWindows on macOS. #​23019
  • Fixed an issue with possible creation of a messageBox which cannot be dismissed on macOS. #​23089
  • Fixed an occasional crash when closing all BrowserWindows. #​23024
  • Security: Backported fix for CVE-2020-6426: inappropriate implementation in V8. #​23043
  • Security: backported a fix for crbug.com/1065094. #​23059
  • Security: backported fix for a potential buffer overrun in WebRTC audio encoding. #​23037
  • Security: backported fix for site isolation bypass in dedicated workers. #​23040
  • Security: backported the fix to CVE-2020-6452: potential container-overflow in MediaStream mojo. #​23044

Other Changes

v7.2.1

Compare Source

Release Notes for v7.2.1

Fixes

  • Reverted "fix: better window hierarchy checks". cac3884

v7.2.0

Compare Source

Release Notes for v7.2.0

Features

    • Added new useSessionCookies flag to net requests to allow them to use the session cookie store.
      • Fixed issue where SameSite cookies would not be attached to outgoing requests from the net module. #​22808
  • Exposing methods required by capturing a hidden webContents. #​21894

Fixes

  • Better window hierarchy checks. c16c4c2
  • Fixed ARIA role="tree" for macOS VoiceOver. #​22424
  • Fixed a crash that could occur when sending arrays over IPC. #​22757
  • Fixed a potential crash on devices which had not connected any printers to their network. #​22517
  • Fixed an occasional segfault with modal windows being closed or destroyed. #​22540
  • Fixed issue where mutating the global Object prototype could cause internal Electron logic to throw errors. #​22729
  • Fixed some properties not working in webview tags. #​22512

Unknown

v7.1.14

Compare Source

Release Notes for v7.1.14

Fixes

v7.1.13

Compare Source

Release Notes for v7.1.13

Fixes

  • Fixed webRequest API not working with WebSockets. #​22141
  • Fixed a crash in webContents.print() with custom print margins. #​22187
  • Fixed a potential issue with active Menu garbage collection. #​22151
  • Fixed an issue where undefined was printed from console.log on Window when no arguments were passed. #​22173
  • Removed unneccessary breakpad_symbols directory from the dsym zip file. #​22220

Other Changes

  • Fixed a potential crash on faulty deviceNames in webContents.print(). #​22012

Documentation

v7.1.12

Compare Source

Release Notes for v7.1.12

Fixes

  • Fixed an issue where sending complex objects over IPC could in some cases cause the renderer process to be terminated. #​21922
  • Fixed crash with Date.toLocaleString for invalid locale and locale of the format aa@BB. #​21969
  • Fixed flash plugin not working. #​22109
  • Fixed issue where renderers could crash during GC when using the contextBridge module. #​22112
  • Fixed netLog.stopLogging returning undefined instead of the path to the log. #​21988

v7.1.11

Compare Source

Release Notes for v7.1.11

Fixes

  • Fixed an edge case in checkbox logic on Windows. #​21860
  • Fixed an issue where window.print() only worked once on a single BrowserWindow. #​21911
  • Fixed an issue where the credits set in About Panel credits were not dark mode aware on macOS. #​21924
  • Fixed error thrown when importing powerMonitor on Linux before app's 'ready' event. #​21941
  • Fixed fuzzy font rendering when hot-plugging displays on macOS Catalina. #​21872

Documentation

v7.1.10

Compare Source

Release Notes for v7.1.10

Fixes

  • Fixed BrowserWindow.setFocusable(true) not working on Windows. #​21855
  • Fixed set-cookie header not passed in net module. #​21770
  • Fixed an issue where custom stream protocols would sometimes not complete responses when the data stream ended. #​21758
  • Fixed crash when restoring minimized hidden window on Windows. #​21820
  • Fixed issue where non-zero size pixels in CSS styles could be rounded down to zero size pixels. #​21857
  • Fixed memory leak when using javascript generator functions. #​21773

Other Changes

  • Fixed potential hang when sending synchronous IPC messages on process shutdown. #​21776

v7.1.9

Compare Source

Release Notes for v7.1.9

Fixes

  • Fixed a crash in contextBridge that happens on garbage collection. #​21736
  • Fixed a crash that would occur when Notifications were closed in concert with app termination. #​21719
  • Fixed an issue that could cause frameless windows to become undraggable in some circumstances. #​21723
  • Fixed an issue that could prevent communication between a sandboxed child window opened with nativeWindowOpen: false and an unsandboxed parent window. Also fixed document.visibilityState not working in sandboxed <webview>. #​21696
  • Fixed an issue with potential duplicate error popups when calling shell.showItemInFolder on Windows. #​21749
  • Fixed white flash when foregrounding an occluded window. #​21750

Documentation

v7.1.8

Compare Source

Release Notes for v7.1.8

Fixes

  • Fixed an issue in the net module where aborting a request during a redirect could cause an error to be thrown. #​21645
  • Fixed incorrect button highlighting when defaultId is passed for dialog message boxes. #​21652

Other Changes

  • Updated crashReporter to throw an error for getLastCrashReport if crashReporter not started. #​21683

v7.1.7

Compare Source

Release Notes for v7.1.7

Fixes

  • Fixed an issue where calling allowNTLMCredentialsForDomains() could cause a change in Kerberos SPN generation behavior. #​21572

v7.1.6

Compare Source

Release Notes for v7.1.6

Fixes

  • Fixed black boxes with <select> tag inside <webview> and OOPIF on windows. #​21526
  • Fixed media-specific globalShortcuts not working on macOS. #​21548

v7.1.5

Compare Source

Release Notes for v7.1.5

Fixes

  • Added workaround for nativeWindowOpen hang. #​21497
  • Fixed cookies.set not working correctly when name or expirationDate is omitted. #​21481
  • Fixed a weird behaviors and crashes when controlling window menu by keys. #​21453
  • Fixed accessibility window title on macOS. #​21466
  • Fixed contextBridge crash when opening and closing many windows. #​21514
  • Fixed source maps not loading in devtools with file scheme. #​21494
  • Fixed window menu unable to hide on startup. #​21449
  • Removed Electron.dsym from macOS application zip. #​21487

v7.1.4

Compare Source

Release Notes for v7.1.4

Fixes

  • Fixed an issue that caused ClientRequest.getUploadProgress() to return incorrect values. #​21425
  • Fixed compositor recycling when creating new BrowserView. #​21400
  • Fixed contextBridge crash when closing a window. #​21417
  • Fixed issues where noLink and checkboxChecked were not passed correctly on Windows. #​21406
  • Fixed throttling in webContents.setBackgroundThrottling. #​21357

Other Changes

  • Updated Chromium to 78.0.3904.130. #​21413

v7.1.3

Compare Source

Release Notes for v7.1.3

Fixes

  • Fixed --ignore-connections-limit, ironically, being ignored. #​21299
  • Fixed broken focus with OOPIF embedded inside webview. #​21223
  • Fixed context menu disappearing when showing. #​21225
  • Fixed contextBridge crash. #​21281
  • Fixed the 'login' event not being emitted when HTTP Basic auth was requested during a net.request. #​21135
  • Net module requests no longer raise errors when non-2xx responses are received. #​21295
  • The disabled-by-default-cpu_profiler tracing category now correctly records stack samples from the main process and utility processes. #​21277
  • webContents.reloadIgnoringCache() will now forcefully ignore all caches, including service workers. #​21284
  • window.root and window.GLOBAL are both now undefined when nodeIntegration is disabled as expected. #​21354

Other Changes

  • Fixed some crashes that could occur when using the net module. #​21304
  • Generate debug symbols on Linux. #​21279
  • Made strip_absolute_paths_from_debug_symbols to false in debug.gn. #​21317
  • Updated Chromium to 78.0.3904.126. #​21346

v7.1.2

Compare Source

Release Notes for v7.1.2

Fixes

  • Disabled Touch Bar typing suggestions with autocorrect=off and spellcheck=false. #​21192
  • Fixed ENOMEM error with Node.js child_process when using empty options.env. #​21140
  • Fixed <webview>.capturePage() resolving with an empty object instead of NativeImage instance. #​21104
  • Fixed webRequest module unable to modify CORS headers. #​21123
  • Fixed an issue where custom protocols registered using registerStreamProtocol would sometimes fail to complete the response when the stream ended. #​21179
  • Fixed flickering when maximizing and restoring frameless windows. #​21205
  • Fixed incorrect size of windows on differently scaled monitors. #​21138
  • Fixed the 'login' event not being emitted when HTTP Basic auth was requested from a WebContents. #​21097

Other Changes

  • Updated Chromium to 78.0.3904.113. #​21199

v7.1.1

Compare Source

Release Notes for v7.1.1

Fixes

  • Fixed backgroundThrottling: false not having an effect. #​21013
  • Fixed broken globalShortcut.registerAll() on Windows and Linux. #​20983
  • Fixed crash on exit in aura platforms with webview. #​21022
  • Fixed exiting HTML fullscreen for cross-origin iframes (e.g. YouTube) while in macOS fullscreen. #​21021
  • Fixed improper label internationalization for the recentDocuments MenuItem. #​20957
  • Fixed issue where app.setAppLogsPath did not work when you provided a valid path. #​21008
  • Fixed webrequest api typings. #​21038

Other Changes

  • Updated Chromium to 78.0.3904.99. #​21033

v7.1.0

Compare Source

Release Notes for v7.1.0

This release is a minor bump as it contains exactly one new feature. contextBridge module, this feature is outlined below along with the other fixes and changes that went into this release. The 7.1.x series is now only release line in the 7.x.y major release line that will receive bug fixes and security fixes. It is recommended you upgrade to 7.1.x.

Features

  • Added new contextBridge module to make it easier to communicate between an isolated context and the main world. #​20789

Fixes

  • Fixed nativeTheme not accessible via the remote module. #​20961
  • Fixed a memory leak issue when setting Tray images. #​20935
  • Fixed issue where proxied remote promises might not resolve if Bluebird was installed in the renderer. #​20947

Other Changes

v7.0.1

Compare Source

Release Notes for v7.0.1

Fixes

  • Fixed shell.openExternal() option workingDirectory not working with Unicode characters. #​20905
  • Fixed a crash in Menus related to menu.popup(). #​20808
  • Fixed a label mismatch on open and save dialogs on GTK. #​20882
  • Fixed a regression in the recentDocuments role on macOS. #​20670
  • Fixed an issue where objects referenced by remote could sometimes not be correctly freed. #​20693
  • Fixed crashes when calling webContents.printToPDF() multiple times. #​20810
  • Fixed devtools extensions not loading due to "Connect to unknown extension [object Object]" errors. #​20844
  • Fixed flicker when switching between BrowserViews. #​20846
  • Fixed fs.mkdir/mkdirSync hang with {recursive: true} for invalid names with node 12 on windows. #​20629
  • Fixed hang when closing a scriptable popup window using the remote module. #​20715
  • Fixed memory leaks caused by callbacks not being released when the remote module is used in sub-frames (<iframe> or scriptable popup). #​20814
  • Fixed native module size increase on windows, follow up fix to #​20614. #​20708
  • Fixed several deprecation warnings in Electron code. #​20804

Other Changes

  • Updated Chromium to 78.0.3904.92. #​20913

Documentation

v7.0.0

Compare Source

Release Notes for v7.0.0

Notable Changes

  • Stack upgrades:
Stack Version in Electron 6 Version in Electron 7 What's New
Chromium 76.0.3809.146 78.0.3905.1 77, 78
V8 7.6 7.8 7.7, 7.8
Node.js 12.4.0 12.8.1 12.5, 12.6, 12.7, 12.8, 12.8.1
  • Added Windows on Arm (64 bit) release. #​18591, #​20112
  • Added ipcRenderer.invoke() and ipcMain.handle() for asynchronous request/response-style IPC. These are strongly recommended over the remote module. See this "Electron’s ‘remote’ module considered harmful" blog post for more information. #​18449
  • Added nativeTheme API to read and respond to changes in the OS's theme and color scheme. #​19758, #​20486
  • Switched to a new TypeScript Definitions generator, which generates more precise definitions. If your TypeScript build fails, this is the likely cause. #​18103

Breaking Changes

More information about these and future changes can be found on project's Planned Breaking Changes page.

  • Removed deprecated APIs:
    • Callback-based versions of functions that now use Promises. #​17907
    • Tray.setHighlightMode() (macOS). #​18981
    • app.enableMixedSandbox() #​17894
    • app.getApplicationMenu(),
    • app.setApplicationMenu(),
    • powerMonitor.querySystemIdleState(),
    • powerMonitor.querySystemIdleTime(),
    • webFrame.setIsolatedWorldContentSecurityPolicy(),
    • webFrame.setIsolatedWorldHumanReadableName(),
    • webFrame.setIsolatedWorldSecurityOrigin() #​18159
  • Session.clearAuthCache() no longer allows filtering the cleared cache entries. #​17970
  • Native interfaces on macOS (menus, dialogs, etc.) now automatically match the dark mode setting on the user's machine. #​19226
  • Updated the electron module to use @electron/get. The minimum supported node version is now Node 8. #​18413
  • The electron.asar file no longer exists. Any packaging scripts that depend on its existence should be updated. #​18577

New Features

  • netLog.startLogging() now returns a promise which resolves when the net log has started recording.
  • All async webContents / <webview> methods now return a Promise. #​18792
  • Added always-on-top-changed event emission for macOS. #​19462
  • Added app.resignCurrentActivity() to allows marking inactive the current Handoff user activity without invalidating it. #​18659
  • Added captureMode and maxFileSize options to the netLog API. #​19215
  • Added creationTime / sandboxed / integrityLevel to app.getAppMetrics() output. #​18718
  • Added failureReason parameter to the webContents.print() callback function to distinguish between success, failure, and cancellation. #​19000
  • Added getBounds() method for BrowserView. #​19370
  • Added gpu-info-update event to app, which is emitted whenever there is a GPU info update. #​18250
  • Added memory to app.getAppMetrics(). #​18831
  • Added process.getBlinkMemoryInfo(). #​17762
  • Added removeInsertedCSS() to webFrame / webContents / <webview>. #​16579
  • Added zoom-changed event to webContents, which is emitted when the user zooms using the mouse wheel on Windows, even if the focus is inside an (x-origin) iframe. #​17747
  • Migrated Tray from custom to native view to be compatible with Catalina (macOS). #​18981
  • Added a MenuItem.toolTip property macOS. #​19099
  • Added printing customization options. #​18984
  • Added an optional conflict handling callback to app.moveToApplicationsFolder. #​18916
  • Added missing support for ELECTRON_DEFAULT_ERROR_MODE in the GPU process. #​17728
  • Added security warning for remote modules with remote content. #​18822
  • Support CSS origin in webFrame.insertCSS(). #​19268
  • Support HTTP preconnect resource hints. #​19952
  • Support NSVisualEffectMaterials vibrancy types added in macOS Mojave. #​19073
  • Support mouse-move event of Tray API on Windows. #​19265
  • Support systemPreferences.isDarkMode() API on Windows. #​19217
  • Support systemPreferences.isHighContrastColorScheme() API on macOS. #​19331
  • Support picture-in-picture mode for video elements. #​19914
  • Support rotation multi-touch gestures on BrowserWindow for macOS. #​19294
  • Added the ability to set authors in the Linux implementation of the About panel. #​18964
  • Calling contentTracing.stopTracing() with no arguments is now permitted and has the same behaviour as calling it with an empty string (tracing data will be written to a temporary file). #​18411
  • Can set a window always on top but behind the taskbar on Windows. #​18982
  • Enabled the W3C Reporting API. #​18255
  • Exposed the value of NSNotification.object to subscribers of notifications in systemPreferences. #​19110
  • Implemented BrowserWindow.setFocusable on macOS. #​19033
  • Renderer processes hosting cross-origin frames are now sandboxed unless the parent BrowserWindow enables nodeIntegrationInSubFrames. #​18650
  • Set the ELECTRON_SKIP_BINARY_DOWNLOAD=1 environment variable to skip electron binary download. #​17627
  • Deprecated netLog.currentlyLoggingPath. #​18289
  • Added Windows on Arm node header files to checksum file. #​20261

Properties

  • Converted webContents primitive getters and setters to actual properties. #​18998
  • Converted badgeCount to an actual property on the app module. #​17363
  • app.name is now a property. #​17701
  • nativeImage.templateImage is now a property on the nativeImage prototype. #​18124
  • Converted appLevelAppearance to be a property on systemPreferences. #​18477
  • Converted autoHideMenuBar to a property on BrowserWindow instances. #​18555
  • Converted savePath accessor to a property on DownloadItem instances. #​18677
  • Converted closable, fullscreenable, maximizable, minimizable, movable, and resizable to be properties on the BrowserWindow prototype. #​18618

Fixes

  • "Node integration with remote content" and "loading insecure content" warning messages are suppressed for localhost connections. #​18814
  • ELECTRON_RUN_AS_NODE now correctly parses both node options and v8 flags. E.g. --expose_gc #​19403
  • Fixed Linux console warning about gtk_disable_setlocale(). #​20012
  • Fixed triggeredByAccelerator Event property behavior for MenuItems. #​18865
  • Fixed a crash in window.print(). #​19728
  • Fixed a crash on manual print cancellation as well as an issue with deviceName not working. #​19668
  • Fixed a crash on tray popup being called multiple times in a row. #​18999
  • Fixed bug where the close event would not emit upon closing modal window on macOS. #​19014
  • Fixed crashReporter addExtraParameter / removeExtraParameter methods undefined in macOS node child processes. #​15790
  • Fixed desktopCapturer leak. #​20280
  • Fixed setting src on <webview> being too slow. #​18990
  • Fixed several cases where document.visibilityState would be incorrect. The win.show() and win.hide() methods now correctly update visibility state. #​20134
  • Fixed support for the webkitdirectory attribute on input[type=file] elements. #​18343
  • Fixed windows debug logging. #​18199
  • Node.JS globals (process, Buffer, etc.) are no longer removed from the global scope if you have contextIsolation enabled as it is safe for those variables to still exist in their isolated world. #​18967
  • Non-absolute session preload script paths are now ignored for sandboxed renderers. #​19066
  • getPath('logs') now throws a more descriptive error if it fails to find the logs path. #​19514
  • web-contents-created and browser-window-created no longer emit an empty object in place of Event. #​19465
  • Fixed an issue where netLog.startLogging() would silently fail when called immediately during app.on('ready').
  • Fixed an issue whereby requiring some modules before the app ready event had side effects. #​17496

Documentation

End of Support for 4.x.y

Electron 4.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

v6.1.12

Compare Source

Release Notes for v6.1.12

Other Changes

v6.1.11

Compare Source

Release Notes for v6.1.11

Fixes

  • Fixed issue with Promise.then context usage in V8

v6.1.10

Compare Source

Release Notes for v6.1.10

Fixes

  • Security: Backported fix for CVE-2020-6426: inappropriate implementation in V8. #​23046
  • Security: backported a fix for crbug.com/1065094. #​23060
  • Security: backported fix for a potential buffer overrun in WebRTC audio encoding. #​23038
  • Security: backported the fix to CVE-2020-6452: potential container-overflow in MediaStream mojo. #​23045

Other Changes

v6.1.9

Compare Source

Release Notes for v6.1.9

Fixes

v6.1.8

Compare Source

Release Notes for v6.1.8

Fixes

  • FixBrowserWindow.setFocusable(true) not working on Windows. #​21856
  • Fixed a crash that would occur when Notifications were closed in concert with app termination. #​21718
  • Fixed a potential issue with active Menu garbage collection. #​22152
  • Fixed an issue that could prevent communication between a sandboxed child window opened with nativeWindowOpen: false and an unsandboxed parent window. Also fixed document.visibilityState not working in sandboxed <webview>. #​21697
  • Fixed an issue where window.print() only worked once on a single BrowserWindow. #​21913
  • Fixed an issue where the credits set in About Panel credits were not dark mode aware on macOS. #​21925
  • Fixed bug where the close event would not emit upon closing modal window on macOS. #​22125
  • Fixed crash when restoring minimized hidden window on Windows. #​22153
  • Fixed fuzzy font rendering when hot-plugging displays on macOS Catalina. #​21878
  • Fixed incorrect button highlighting when defaultId is passed for dialog message boxes. #​22150
  • Fixed media-specific globalShortcuts not working on macOS. #​21690
  • Fixed memory leak when using javascript generator functions. #​21774
  • Removed unneccessary breakpad_symbols directory from the dsym zip file. #​22219

Other Changes

  • Updated crashReporter to throw an error for getLastCrashReport if crashReporter not started. #​21684

v6.1.7

Compare Source

Release Notes for v6.1.7

Fixes

  • Fixed Electron apps getting rejected to Mac App Store. #​20970

v6.1.6

Compare Source

Release Notes for v6.1.6

Fixes

  • Fixed accessibility window title on macOS. #​21465
  • Fixed flicker when switching between BrowserViews after creating new BrowserView. #​21396
  • Fixed throttling in webContents.setBackgroundThrottling. #​21359

Other Changes

v6.1.5

Compare Source

Release Notes for v6.1.5

Fixes

  • Disabled Touch Bar typing suggestions with autocorrect=off and spellcheck=false. #​21191
  • Fixed ENOMEM error with Node.js child_process when using empty options.env. #​21141
  • Fixed <webview>.capturePage() resolving with an empty object instead of NativeImage instance. #​21105
  • Fixed backgroundThrottling: false not having an effect. #​21014
  • Fixed broken globalShortcut.registerAll() on Windows and Linux. #​20982
  • Fixed broken focus with OOPIF embedded inside webview. #​21221
  • Fixed context menu disappearing when showing. #​21226
  • Fixed crash using v8 Date.toLocale* api with invalid locales. #​21188
  • Fixed exiting HTML fullscreen for cross-origin iframes (e.g. YouTube) while in macOS fullscreen. #​21020
  • Fixed flickering when maximizing and restoring frameless windows. #​21206
  • Fixed incorrect size of windows on differently scaled monitors. #​21137

v6.1.4

Compare Source

Release Notes for v6.1.4

Fixes

  • Backported webaudio security patch from upstream. #​20924

v6.1.3

Compare Source

Release Notes for v6.1.3

Fixes

  • Fixed a crash in Menus related to menu.popup(). #​20786
  • Fixed crashes when calling webContents.printToPDF() multiple times. #​20811
  • Fixed flicker when switching between BrowserViews. #​20834
  • Fixed hang when closing a scriptable popup window using the remote module. #​20716
  • Fixed memory leaks caused by callbacks not being released when the remote module is used in sub-frames (<iframe> or scriptable popup). #​20815

v6.1.2

Compare Source

Release Notes for v6.1.2

Fixes

v6.1.1

Compare Source

Release Notes for v6.1.1

Fixes

  • Fixed IPC hang when opening a specific case of nativeWindowOpen child window. #​20547
  • Fixed an issue where objects referenced by remote could sometimes not be correctly freed. #​20694

v6.1.0

Compare Source

Release Notes for v6.1.0

This release is a minor bump as it contains exactly one new feature. contextBridge module, this feature is outlined below along with the other fixes and changes that went into this release. The 6.1.x series is now only release line in the 6.x.y major release line that will receive bug fixes and security fixes. It is recommended you upgrade to 6.1.x.

Features

  • Added new contextBridge module to make it easier to communicate between an isolated context and the main world. #​20639

Fixes

  • Fixed fs.mkdir/mkdirSync hang with {recursive: true} for invalid names with node 12 on windows. #​20665
  • Fixed native modules size increase with VC++ and node 12 on windows. #​20627
  • Improved slow touchpad scrolling on windows. #​20488

Other Changes

  • Manually bump version to 6.1.0-beta.0 in prep for 6.1.0. 3ca62d9

v6.0.12

Compare Source

Release Notes for v6.0.12

Features

  • Set the ELECTRON_SKIP_BINARY_DOWNLOAD=1 environment variable to skip electron binary download. #​20438

Fixes

  • Fixed Node.js' worker_threads in ELECTRON_RUN_AS_NODE. #​20457
  • Fixed a regression in the recentDocuments MenuItem role on macOS. [#​20409

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot