forked from mirrors/nixpkgs
nixpkgs/pkgs/applications/networking/instant-messengers/rambox
Maximilian Bosch e2a15cd395
rambox: unmaintain & mark as insecure
Rambox hasn't had a stable release in a while and has an increasing number
of issues, which is why I don't intend to use this anymore.

While taking a closer look at the source I also realized that it uses
Electron 7.2.4[1]. This is not only EOLed[2], it also contains a few
security vulnerabilities, which is why I decided to mark it as insecure.

A few (most likely not all) vulnerabilities can be found by looking at
the Electron 7 changelog[3]: after 7.2.4 there were a few more releases
with security backports - mostly from Chromium. Security issues that
were found later on (and are probably exploitable on the dependency
chain of rambox) aren't listed here. I only added two issues that seemed
applicable to `rambox`, but I haven't researched enough to check the
other ones.

[1] https://github.com/ramboxapp/community-edition/blob/0.7.7/package.json#L70
[2] https://www.electronjs.org/docs/tutorial/support#currently-supported-versions
[3] https://www.electronjs.org/releases/stable?version=7
2021-06-05 13:13:42 +02:00
default.nix rambox: unmaintain & mark as insecure 2021-06-05 13:13:42 +02:00
pro.nix rambox-pro: 1.4.1 → 1.5.0 2021-01-31 23:22:37 +00:00
rambox.nix treewide: remove stdenv where not needed 2021-01-25 18:31:47 +01:00