diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2021-06-04 22:31:13 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2021-06-05 13:13:42 +0200 |
commit | e2a15cd395f1e137c680d22f83cd195caf3d6c14 (patch) | |
tree | 914b2a6de86c5d98169681472fc2fd35702a22e8 /pkgs/applications/networking/instant-messengers/rambox | |
parent | 6f1857f2f2d12dcc7e46bff55540af1dcae578c6 (diff) |
rambox: unmaintain & mark as insecure
Rambox hasn't had a stable release in a while and an increasing number of issues which is why I don't intend to use this anymore. While taking a closer look at the source I also realized that it uses Electron 7.2.4[1]. This is not only EOLed[2], it also contains a few security vulnerabilities which is why I decided to mark it as insecure. A few (most likely not all) vulnerabilities can be found by looking at the Electron 7 changelog[3]: after 7.2.4 there were a few more releases with security backports - mostly from Chromium. Security issues that were found later on (and are probably exploitable on the dependency chain of rambox) aren't listed here. I only added two issues that seemed applicable to `rambox`, but I haven't researched enough to check the other ones. [1] https://github.com/ramboxapp/community-edition/blob/0.7.7/package.json#L70 [2] https://www.electronjs.org/docs/tutorial/support#currently-supported-versions [3] https://www.electronjs.org/releases/stable?version=7
Diffstat (limited to 'pkgs/applications/networking/instant-messengers/rambox')
-rw-r--r-- | pkgs/applications/networking/instant-messengers/rambox/default.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/pkgs/applications/networking/instant-messengers/rambox/default.nix b/pkgs/applications/networking/instant-messengers/rambox/default.nix index cbec6babec3b0..8782a4bc5beb6 100644 --- a/pkgs/applications/networking/instant-messengers/rambox/default.nix +++ b/pkgs/applications/networking/instant-messengers/rambox/default.nix @@ -21,8 +21,11 @@ in mkRambox rec { description = "Free and Open Source messaging and emailing app that combines common web applications into one"; homepage = "https://rambox.pro"; license = licenses.mit; - maintainers = with maintainers; [ ma27 ]; + maintainers = with maintainers; [ ]; platforms = ["i686-linux" "x86_64-linux"]; hydraPlatforms = []; + knownVulnerabilities = [ + "Electron 7.2.4 is EOL and contains at least the following vulnerabilities: CVE-2020-6458, CVE-2020-6460 and more (https://www.electronjs.org/releases/stable?version=7). Consider using an alternative such as `ferdi'." + ]; }; } |