Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#75490 - electron12, electron13, electron14, electron16 are unsupported and vulnerable packages

Attached to Project: Community Packages
Opened by Nemo (captn3m0) - Tuesday, 02 August 2022, 09:38 GMT
Last edited by Bruno Pagani (ArchangeGabriel) - Saturday, 20 August 2022, 20:47 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Bruno Pagani (ArchangeGabriel)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


electron12, electron13, electron14, electron16 are all vulnerable, not maintained, and unsupported. These should not be included in the official repos.

Support Details:

There are only 2 packages that are dependent upon these old versions:


Specifically, these are the old "embedded" chrome versions included in the current versions:

- 12.2.3: chrome 96.0.4664.174
- 13.6.9: chrome 91.0.4472.164
- 14.2.9: chrome 93.0.4577.82
- 16.2.8: chrome 96.0.4664.174

The current stable version of chrome (which electron tracks) is 103.0.5060. Additionally, these are also using old versions of nodejs and openssl (both embedded).
Closed by  Bruno Pagani (ArchangeGabriel)
Saturday, 20 August 2022, 20:47 GMT
Reason for closing:  Fixed
Additional comments about closing:  Caprine updated, all electrons dropped to AUR (react-native-debugger is being worked on at l/42).
Comment by Bruno Pagani (ArchangeGabriel) - Tuesday, 02 August 2022, 23:43 GMT
Since both program are maintained by Nicola, I’m unassigning myself. I won’t remove 14/16 right now either, if these programs can be moved from 12/13 to one of these versions, that would already be much better (especially since 12/13 are the last remaining ones requiring python2 to build), so I’m letting this possibility open.
Comment by Bruno Pagani (ArchangeGabriel) - Thursday, 04 August 2022, 11:13 GMT
I think caprine should be switched to the fork listed in  FS#75448  (does even work with electron 20 !), and react-native-debugger likely dropped.