From 27091109a8741436f5bdf2e352d3afb32813eec7 Mon Sep 17 00:00:00 2001
From: Florian Bruhin You're using qutebrowser with the QtWebKit backend. Unfortunately, QtWebKit hasn't seen a release (including security updates)
-since June 2017, and it also lacks various security features (process
-isolation/sandboxing) present in QtWebEngine. While QtWebKit has gained some traction again recently, its latest release
+(5.212.0 Alpha 3) is still based on an old upstream WebKit. It also lacks
+various security features (process isolation/sandboxing) present in
+QtWebEngine. From the upstream release notes: Because of those security issues and the maintaince burden coming with
-supporting QtWebKit, support for it will be dropped in a future qutebrowser
-release. It's recommended that you use QtWebEngine instead. It's recommended that you use QtWebEngine instead. Most reasons why people preferred the QtWebKit backend aren't relevant anymore: PDF.js support: This qutebrowser release comes with PDF.js support
-for QtWebEngine. PDF.js support: Supported with QtWebEngine since qutebrowser v1.5.0. Missing control over Referer header: This qutebrowser release
-supports content.headers.referer for QtWebEngine. Missing control over Referer header: content.headers.referer is supported with QtWebEngine since
+qutebrowser v1.5.0. Missing control over cookies: With Qt 5.11 or newer, the content.cookies.accept setting works on QtWebEngine.WARNING: This release is based on old WebKit revision with known
+unpatched vulnerabilities. Please use it carefully and avoid visiting untrusted
+websites and using it for transmission of sensitive data. Wait for new release
+from qtwebkit-dev branch to use it with untrusted content.
+
+(Outdated) reasons to use QtWebKit
Missing support for notifications: Those aren't supported yet in -Qt, but support is planned to be added in Qt 5.13, released around May 2019.
+Missing support for notifications: With qutebrowser v1.7.0, initial +notification support was added for Qt 5.13.0.
-Resource usage: This release adds the Resource usage: qutebrowser v1.5.0 added the qt.process_model and qt.low_end_device_mode settings which can be used to decrease the resource usage of QtWebEngine (but come with other drawbacks).
@@ -50,10 +53,8 @@ heaps of security issues... rendering. With Qt 5.13 (~May 2019) it might be possible to run with Nouveau without software rendering. -Wayland: It's possible to use QtWebEngine with XWayland. Some users -also seem to be able to run it natively with Qt 5.11, but currently, QUTE_SKIP_WAYLAND_CHECK=1 needs to be set in the -environment to do so.
+Wayland: It's possible to use QtWebEngine with XWayland. With Qt +5.11.2 or newer, qutebrowser also runs natively with Wayland.
Instability on FreeBSD: Those seem to be FreeBSD-specific crashes, and unfortunately nobody has looked into them yet so far...
-- cgit v1.2.3-54-g00ecf