Security fix not listed in release notes for macOS and Linux

Hi!
In the advisory, the macOS, Linux and Windows versions of RDM are listed:

https://devolutions.net/security/advisories/DEVO-2023-0016/

But only the release notes for Windows list the security fix explicitly - I cannot find that information in the macOS or Linux release notes.

Were macOS and Linux not affected, or why is it not listed there?

What I am trying to find out: which versions for macOS and Linux include the fix.
This information would be helpful if it was stated in the advisory.

KR
G.

All Comments (2)

Well, this seems a weird case.

In the release note, we can see the following:

Updated EssentialObjects library (Chrome Embedded) to fix security vulnerability


This component is really only used in RDM Windows, so this specific release note would not apply to any other versions (in the other platforms we only support the native browser, e.g. Safari for macOS and iOS, Chrome (but not a third party component) for Android). It's possible we are simply missing an additional release note which would be referring to the SkiaSharp component which, in this case, is actually used throughout all of our platforms.

We might need to do some improving on making sure we properly include security fixes from security advisories in our release notes. I'll raise the case internally.

That being said, in the advisory itself, you should be able to see the versions with the fixes. See:

Currently fixed versions :
Remote Desktop Manager Windows 2023.2.33 and higher
Embedded chrome web browser vulnerability.

Remote Desktop Manager Windows 2023.2.32 and higher
SkiaSharp

Remote Desktop Manager iOS 2023.2.8.0 and higher
SkiaSharp

Remote Desktop Manager macOS 2023.2.10.4 and higher
SkiaSharp

Remote Desktop Manager Linux 2023.2.2.5 and higher
SkiaSharp


Best regards,

Xavier Fortin

Thanks for the clarification and for updating the advisory.

KR
G.