Quantcast
Channel: ClearScript
Viewing all articles
Browse latest Browse all 2297

New Post: US-CERT: Vulnerability in the V8 JavaScript engine...

$
0
0
Hi Max,

We were not aware of this issue, but presumably the V8 team is.

In any case, our normal procedure is to pair each ClearScript release with the latest stable version of V8 on Windows as indicated here. The stable V8 versions are supported and receive security fixes as long as they remain in use and continue to be listed on that site. Bug fix releases on the stable branch should work with ClearScript, but you'll have to build them manually, overriding V8Update's compatibility warning.

All that having been said, ClearScript's latest release is paired with V8 4.2.77, which is no longer being updated. Although the latest version (.21) is newer than the one we tested, it doesn't appear to have the security fix.

All we can recommend at this time is that you try using a newer V8 branch or apply the Node.js or io.js patches to V8 4.2.77. The next ClearScript release will be paired with a new V8 version that should contain the fix.

Thanks, and good luck!

Viewing all articles
Browse latest Browse all 2297

Trending Articles