Aller au contenu principal

· 3 mins à lire

With Apple Silicon hardware being released later this year, what does the path look like for you to get your Electron app running on the new hardware?


With the release of Electron 11.0.0-beta.1, the Electron team is now shipping builds of Electron that run on the new Apple Silicon hardware that Apple plans on shipping later this year. You can grab the latest beta with npm install electron@beta or download it directly from our releases website.

How does it work?

As of Electron 11, we will be shipping separate versions of Electron for Intel Macs and Apple Silicon Macs. Prior to this change, we were already shipping two artifacts, darwin-x64 and mas-x64, with the latter being for Mac App Store compatibility usage. We are now shipping another two artifacts, darwin-arm64 and mas-arm64, which are the Apple Silicon equivalents of the aforementioned artifacts.

What do I need to do?

You will need to ship two versions of your app: one for x64 (Intel Mac) and one for arm64 (Apple Silicon). The good news is that electron-packager, electron-rebuild and electron-forge already support targeting the arm64 architecture. As long as you're running the latest versions of those packages, your app should work flawlessly once you update the target architecture to arm64.

In the future, we will release a package that allows you to "merge" your arm64 and x64 apps into a single universal binary, but it's worth noting that this binary would be huge and probably isn't ideal for shipping to users.

Update: This package is now available at @electron/universal. You can use it to merge two packaged x64 and arm64 apps into a single binary.

Potential Issues

Native Modules

As you are targeting a new architecture, you'll need to update several dependencies which may cause build issues. La version minimale de certaines dépendances est incluse ci-dessous pour votre référence.

DependencyVersion Requirement
Xcode>=12.2.0
node-gyp>=7.1.0
electron-rebuild>=1.12.0
electron-packager>=15.1.0

As a result of these dependency version requirements, you may have to fix/update certain native modules. One thing of note is that the Xcode upgrade will introduce a new version of the macOS SDK, which may cause build failures for your native modules.

How do I test it?

Currently, Apple Silicon applications only run on Apple Silicon hardware, which isn't commercially available at the time of writing this blog post. If you have a Developer Transition Kit, you can test your application on that. Otherwise, you'll have to wait for the release of production Apple Silicon hardware to test if your application works.

What about Rosetta 2?

Rosetta 2 is Apple's latest iteration of their Rosetta technology, which allows you to run x64 Intel applications on their new arm64 Apple Silicon hardware. Although we believe that x64 Electron apps will run under Rosetta 2, there are some important things to note (and reasons why you should ship a native arm64 binary).

  • Your app's performance will be significantly degraded. Electron / V8 uses JIT compilation for JavaScript, and due to how Rosetta works, you will effectively be running JIT twice (once in V8 and once in Rosetta).
  • You lose the benefit of new technology in Apple Silicon, such as the increased memory page size.
  • Did we mention that the performance will be significantly degraded?

· 3 mins à lire

Join us for community bonding and a month-long celebration of open-source.


Hacktoberfest and Discord banner

Electron Community Discord Launch

Electron’s Outreach Working Group is excited to announce the launch of our official community Discord server!

Pourquoi un nouveau serveur Discord ?

In its early days as the backbone of the Atom text editor, community discussion on the Electron framework occurred in a single channel in Atom’s Slack workspace. As time passed and the two projects were increasingly decoupled, the relevance of the Atom workspace to the Electron project decreased, and maintainer participation in the Slack channel declined in the same manner.

Up until now, we had still been redirecting our broader community to the Atom Slack workspace, even though we’ve had many reports from folks who have had trouble receiving invitations, and few of our core maintainers were frequenting the channel.

We’re setting up this shiny new server to be a central discussion hub for the community where you can get the latest news on all things Electron.

Get in here!

So far, the server’s membership consists of a few maintainers who have been working together to set it up, but we’re so excited to chat with you all! Come ask for help, keep up to date with Electron releases, or just hang out with other developers. We’ve got a handy invite for you that’ll give you access to the server!

Hacktoberfest 2020

As a large and long-running open-source project, Electron wouldn’t have been nearly as successful without all the contributions from its community, from code submissions to bug reports to documentation changes, and much more. That’s why we believe in the importance of participating in Hacktoberfest to usher in a wider community of developers of all skill levels into the project.

Odds and ends

This year, we don’t have a wider project to give you all to work on, but we’d like to focus on opportunities to contribute across the Electron JavaScript ecosystem.

Faites Attention aux problèmes marqués hacktoberfest sur nos différents référentiels, y compris le principal electron/electron, le site electron/electronjs.org , electron/fiddle, et electron-userland/electron-forge !

P.S. Si vous vous sentez particulièrement aventureux et à la recherche de défis., nous avons également un arriéré de problèmes marqués par les tags help wanted.

Bloqué ? Come chat with us!

Moreover, it’s also no coincidence that the grand opening of our Discord server coincides with the largest celebration of open-source software of the year. Check out the #hacktoberfest channel to ask for help on your Hacktoberfest PR. Au cas où vous l’auriez manqué, voici le lien d’invitation à nouveau!

· 5 mins à lire

Electron 10.0.0 est disponible ! Cette version inclue les mises à jour vers Chromium 85, V8 8.5, et Node.js 12.16. Nous avons ajouté plusieurs nouvelles intégrations et améliorations de l'API. Lisez la suite ci-dessous pour plus de détails !


La team Electron est excitée d'annoncer la sortie de Electron 10.0.0 ! Vous pouvez l'installer via npm install electron@latest ou le télécharger depuis notre site officiel. Cette version inclue des mises à jour, des correctifs et de nouvelles fonctionnalités.

Dans cette version 10 de Electron, nous avons également modifié notre note de sorte. Pour qu'il soit plus facile de distiniguer ce qui est nouveau dans Electron 10 et ce qui peut avoir changé entre Electron 10 et les versions précédentes, nous incluons maintenant également des changements qui ont été introduits dans Electron 10, mais qui ont été rétroportés aux versions précédentes. Nous espérons que cela rendra l'intégration de nouvelles fonctionnalités et corrections plus facile pour les applications lors des mises à niveau d'Electron.

On a hâte de voir vos prochaines créations avec cette version ! Continuez de lire pour plus de détails sur cette version, et s'il vous plaît, partagez vos commentaires et remarques !

Changements notables

Changements de la Stack

Highlight Features

  • Added contents.getBackgroundThrottling() method and contents.backgroundThrottling property. [#21036]
  • Exposed the desktopCapturer module in the main process. #23548
  • Can now check if a given session is persistent by calling the ses.isPersistent() API. #22622
  • Resolve network issues that prevented RTC calls from being connected due to network IP address changes and ICE. (Chromium issue 1113227). #24998

Voir les notes de version 10.0.0 pour une liste complète des nouvelles fonctionnalités et des modifications.

Changements de rupture

  • Changed the default value of enableRemoteModule to false. #22091
    • This is part of our plans for deprecating the remote module and moving it to userland. You can read and follow this issue that details our reasons for this and includes a proposed timeline for deprecation.
  • Changed the default value of app.allowRendererProcessReuse to true. #22336 (Also in Electron 9)
    • This will prevent loading of non-context-aware native modules in renderer processes.
    • You can read and follow this issue that details our reasons for this and includes a proposed timeline for deprecation.
  • Fixed the positioning of window buttons on macOS when the OS locale is set to an RTL language (like Arabic or Hebrew). Frameless window apps may have to account for this change while styling their windows. #22016

More information about these and future changes can be found on the Planned Breaking Changes page.

API Changes

  • Session: Can now check if a given session is persistent by calling the ses.isPersistent() API. #22622
  • Contents: Added contents.getBackgroundThrottling() method and contents.backgroundThrottling property. #21036

Deprecated APIs

The following APIs are now deprecated or removed:

  • Removed the deprecated currentlyLoggingPath property of netLog. Additionally, netLog.stopLogging no longer returns the path to the recorded log. #22732
  • Deprecated uncompressed crash uploads in crashReporter. #23598

Fin du support pour 7.x.y

Electron 7.x.y a atteint sa limite pour le support conformément à la politique d'assistance du projetpolitique d'assistance. Developers and applications are encouraged to upgrade to a newer version of Electron.

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8. Although we are careful not to make promises about release dates, our plan is release new major versions of Electron with new versions of those components approximately quarterly. Le planning escompté de la version 11.0.0 planning défini les dates clés du cycle de vie de développement d'Electron 11.0. Also, see our versioning document for more detailed information about versioning in Electron.

For information on planned breaking changes in upcoming versions of Electron, see our Planned Breaking Changes doc.

Poursuite du travail pour la dépréciation du module remote (dans Electron 11)

Nous avons commencé à travailler pour supprimer le module remote dans Electron 9 et nous continuons à envisager de supprimer le module remote. Dans Electron 11, nous prévoyons de poursuivre le travail de refactorisation pour l'implémentation de WeakRef comme nous l'avons fait avec Electron 10. Veuillez lire et suivre ce problème pour tous les plans et détails de la dépréciation.

Étape finale pour exiger que les Modules Natifs de Node soient Context Aware ou N-API (dans Electron 12)

Edit : À l'origine, ce billet de blog indiquait que nous désactiverions la réutilisation du processus de rendu dans Electron 11. La désactivation de la réutilisation du processus de rendu a maintenant été poussée vers Electron 12.

À partir d'Electron 6, nous avons préparé le terrain pour que les modules Node natifs chargés dans le processus de rendu, soient soit N-API ou Context Aware. L'imposition de ce changement apporte une sécurité accrue, des performances plus rapides et une charge de travail de maintenance réduite. La dernière étape de ce plan est de supprimer la possibilité de désactiver la réutilisation du processus de rendu dans Electron 12. Lisez à propos ce problème pour tous les détails, y compris le calendrier proposé.

· Une min à lire

At OpenJS World this morning, we announced that Electron has officially graduated from the OpenJS Foundation's incubation program, and is now an OpenJS Foundation Impact Project.

Electron entered incubation in December of 2019, at the last OpenJS Foundation global conference in Montreal. We're excited to take a larger role in the JavaScript community as an Impact Project, and continue our partnership with the OpenJS Foundation.


Learning more

You can read up on the foundation, its mission, and its members on the OpenJSF website. The OpenJS Foundation is host to a number of open source JavaScript projects including jQuery, Node.js, and webpack. It's supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, and Microsoft.

Electron is an open–source framework for building cross-platform desktop applications with web technologies. To learn more about the humans behind Electron and how they work together, take a look at our Governance page.

To get started with Electron itself, take a peek at our documentation.

· 2 mins à lire

Electron is proud to be participating in the second edition of Google's Season of Docs initiative, which pairs mentors from open source organizations with technical writers to improve project documentation.


What is Season of Docs?

Season of Docs logo

Season of Docs is a program that fosters collaboration between technical writers and open source communities to the benefit of both parties. Open source maintainers utilize the writer's technical writing expertise to improve the structure and content of their documentation, while the technical writer is introduced to an open-source community under the guidance of its mentors. Learn more about it on the Google's Season of Docs website.

For our first time participating in the program, we'll be mentoring a single technical writer who will be working alongside Electron's Ecosystem Working Group to reshape large parts of our documentation. You can learn more about the timeline of the whole project here.

How do I sign up?

Are you interested in collaborating with us as a technical writer? First, get familiar with Google's tech writer guide for this year's program, and check out the two project idea drafts that we have prepared.

In order to be selected as Electron's technical writer for Season of Docs, candidates will need to apply on the Google Season of Docs website during the Technical Writer Application phase that is running from June 8 to July 9..

Your application should include a proposal, which is a written document that describes in detail what you plan to achieve on the Electron docs over the course of 3 months. This proposal can either develop on one of the starting points mentioned in our Project Idea doc, or can be something entirely new. Don't know where to start? You can check out last year's list of accepted proposals for inspiration.

Aside from the proposal, we'll also be looking at your background as a technical writer. Please include a copy of your resume with an emphasis on relevant writing experience, as well as technical writing samples (these samples could be existing documentation, tutorial, blog posts, etc.)

If you want to discuss project proposals, shoot us an email at season-of-docs@electronjs.org and we can chat from there!

Références

· 4 mins à lire

Electron 9.0.0 est disponible ! Cette version inclue les mises à jour vers Chromium 83, V8 8.3, et Node.js 12.14. We've added several new API integrations for our spellchecker feature, enabled PDF viewer, and much more!


La team Electron est excitée d'annoncer la sortie de Electron 9.0.0 ! Vous pouvez l'installer via npm install electron@latest ou le télécharger depuis notre site officiel. Cette version inclue des mises à jour, des correctifs et de nouvelles fonctionnalités. On a hâte de voir vos prochaines créations avec cette version ! Continuez de lire pour plus de détails sur cette version, et s'il vous plaît, partagez vos commentaires et remarques !

Changements notables

Changements de la Stack

Highlight Features

  • Multiple improvements to the spellchecker feature. See more details in #22128 and #22368.
  • Improved window events handler efficiency on Linux. #23260.
  • Enable PDF viewer. #22131.

Voir les notes de version 9.0.0 pour une liste complète des nouvelles fonctionnalités et des modifications.

Changements de rupture

  • Deprecation warning when using remote without enableRemoteModule: true. #21546
    • This is the first step in our plans for deprecating the remote module and moving it to userland. You can read and follow this issue that details our reasons for this and includes a proposed timeline for deprecation.
  • Set app.enableRendererProcessReuse to true by default. #22336
    • This is continued work for a future requirement that native Node modules loaded in the renderer process be either N-API or Context Aware. Full info and proposed timeline is detailed in this issue.
  • Sending non-JavaScript objects over IPC now throws an exception. #21560
    • This behavior was depreciated in Electron 8.0. In Electron 9.0, the old serialization algorithm has been removed, and sending such non-serializable objects will now throw an "object could not be cloned" error.

More information about these and future changes can be found on the Planned Breaking Changes page.

API Changes

  • shell API changes:
    • The shell.openItem API has been replaced with an asynchronous shell.openPath API. proposal
  • sessionAPI changes:
    • Added session.listWordsFromSpellCheckerDictionary API to list custom words in the dictionary. #22128
    • Added session.removeWordFromSpellCheckerDictionary API to remove custom words in the dictionary. #22368
    • Added session.serviceWorkerContext API to access basic service worker info and receive console logs from service workers. #22313
  • app API changes:
    • Added a new force parameter to app.focus() on macOS to allow apps to forcefully take focus. #23447
  • BrowserWindow API changes:
    • Added support for property access to some getter/setter pairs on BrowserWindow. #23208

Deprecated APIs

The following APIs are now deprecated or removed:

  • shell.openItem API is now depreciated, and replaced with an asynchronous shell.openPath API.
  • <webview>.getWebContents, which was deprecated in Electron 8.0, is now removed.
  • webFrame.setLayoutZoomLevelLimits, which was deprecated in Electron 8.0, is now removed.

Fin du support pour 6.x.y

Electron 6.x.y a atteint la fin du support conformément au projet politique d'assistance. Developers and applications are encouraged to upgrade to a newer version of Electron.

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8. Although we are careful not to make promises about release dates, our plan is release new major versions of Electron with new versions of those components approximately quarterly. Le planning escompté de la version 10.0.0 planning défini les dates clés du cycle de vie de développement d'Electron 10.0. Also, see our versioning document for more detailed information about versioning in Electron.

For information on planned breaking changes in upcoming versions of Electron, see our Planned Breaking Changes doc.

Change the default of contextIsolation from false to true (Starting in Electron 10)

Without contextIsolation, any code running in a renderer process can quite easily reach into Electron internals or an app's preload script. That code can then perform privileged actions that Electron wants to keep restricted.

Changing this default improves the default security of Electron apps, so that apps will need to deliberately opt in to the insecure behaviour. Electron will depreciate the current default of contextIsolation in Electron 10.0, and change to the new default (true) in Electron 12.0.

For more information on contextIsolation, how to enable it easily and it's security benefits please see our dedicated Context Isolation Document.

· Une min à lire

Electron is temporarily pausing major releases


What's Happening?

Our major release cadence schedule moves in lockstep with that of Chromium, and the Chromium project has made the recent decision to pause its releases due to adjusted work schedules. This means that for the duration of Chromium's altered cadence, Electron will also temporarily pause new major releases.

We feel that our best choice is to follow in Chromium's footsteps, and so in the interim the Electron team will shift to full-time work on bugfixes, security, performance, and stability.

We want to ensure that both our maintainers and our consumers' wellbeing is prioritized during this time, so we welcome your feedback and look forward to returning to our regular release schedule.

For more updates, please follow our Twitter account.

Edit (2020-03-30): Electron 9 stable will target Chromium M83 and be released on May 19, 2020, in response to Chromium's announcement of skipping the M82 stable date and adjusting the M83 stable date.

· 6 mins à lire

Electron 8.0.0 est disponible ! Cette version inclue les mises à jour vers Chromium 80, V8 8.0, et Node.js 12.13.0. We've added Chrome's built-in spellchecker, and much more!


La team Electron est excitée d'annoncer la sortie de Electron 8.0.0 ! Vous pouvez l'installer via npm install electron@latest ou le télécharger depuis notre site officiel. Cette version inclue des mises à jour, des correctifs et de nouvelles fonctionnalités. On a hâte de voir vos prochaines créations avec cette version ! Continuez de lire pour plus de détails sur cette version, et s'il vous plaît, partagez vos commentaires et remarques !

Changements notables

Changements de la Stack

Highlight Features

  • Implemented usage of Chrome's built-in spellchecker feature. See more details in #20692 and #21266.
  • IPC communication now uses v8's Structured Clone Algorithm. This is faster, more featureful, and less surprising than the existing logic, and brings about a 2x performance boost for large buffers and complex objects. Latency for small messages is not significantly affected. See more details in #20214.

Voir les notes de version 8.0.0 pour une liste complète des nouvelles fonctionnalités et des modifications.

Changements de rupture

  • Show module name in deprecation warning for context-aware modules. #21952
    • This is continued work for a future requirement that native Node modules loaded in the renderer process be either N-API or Context Aware. Full info and proposed timeline is detailed in this issue.
  • Values sent over IPC are now serialized with Structured Clone Algorithm. #20214
  • Offscreen Rendering is currently disabled due to lack of a maintainer to work on this feature. It broke during the Chromium upgrade and was subsequently disabled. #20772

More information about these and future changes can be found on the Planned Breaking Changes page.

API Changes

  • app API changes:
    • Ajout de app.getApplicationNameForProtocol(url). #20399
    • Added app.showAboutPanel() and app.setAboutPanelOptions(options) support on Windows. #19420
  • BrowserWindow API changes:
    • Updated docs to note that BrowserWindow options hasShadow is available on all platforms #20038
    • Added trafficLightPosition option to BrowserWindow options to allow custom positioning for traffic light buttons. #21781
    • Added accessibleTitle option to BrowserWindow for setting the accessible window title #19698
    • BrowserWindow.fromWebContents() can now return null #19983
    • Added BrowserWindow.getMediaSourceId() and BrowserWindow.moveAbove(mediaSourceId). #18926
    • Added support for will-move event on macOS. #19641
  • Documenté précédemment non documenté crashReporter.getCrashesDirectory(). #20417
  • dialog API changes:
    • Added dontAddToRecent property to dialog.showOpenDialog and dialog.showOpenDialogSync to prevent documents from being added to recent documents on Windows in open dialogs. #19669
    • Added property customization to dialog.showSaveDialog and dialog.showSaveDialogSync. #19672
  • Notification API changes:
    • Added timeoutType option to allow Linux/Windows users to set the type of notification timeout. #20153
    • Added urgency option to set urgency on Linux notifications. #20152
  • session API changes:
    • Updated documentation on session.setProxy(config) and session.setCertificateVerifyProc(proc) to note optional options. #19604
    • Added session.downloadURL(url) to allow to triggering downloads without a BrowserWindow. #19889
    • Added support for HTTP preconnect resource hints via session.preconnect(options) and the preconnect event. #18671
    • Added session.addWordToSpellCheckerDictionary to allow custom words in the dictionary #21297
  • Added option to shell.moveItemToTrash(fullPath[, deleteOnFail]) on macOS to specify what happens when moveItemToTrash fails. #19700
  • systemPreferences API changes:
    • Updated systemPreferences.getColor(color) documentation for macOS. #20611
    • Ajout du type de média screen à systemPreferences.getMediaAccessStatus(). #20764
  • Added nativeTheme.themeSource to allow apps to override Chromium and the OS's theme choice. #19960
  • TouchBar API changes:
    • Added accessibilityLabel property to TouchBarButton and TouchBarLabel to improve TouchBarButton/TouchBarLabel accessibility. #20454
    • Updated TouchBar related documentation #19444
  • tray API changes:
    • Added new options to tray.displayBalloon(): iconType, largeIcon, noSound and respectQuietTime. #19544
    • Added tray.removeBalloon(), which removes an already displayed balloon notification. #19547
    • Added tray.focus(), which returns focus to the taskbar notification area. feat: add tray.focus() #19548
  • webContents API changes:
    • Added contents.executeJavaScriptInIsolatedWorld(worldId, scripts[, userGesture]) to expose executeJavaScriptInIsolatedWorld on the webContents API. #21190
    • Added methods to capture a hidden webContents. #21679
    • Added options to webContents.print([options], [callback]) to enable customization of print page headers and footers. #19688
    • Added ability to inspect specific shared workers via webContents.getAllSharedWorkers() and webContents.inspectSharedWorkerById(workerId). #20389
    • Added the support of fitToPageEnabled and scaleFactor options in WebContents.printToPDF(). #20436
  • Updated webview.printToPDF documentation to indicate return type is now Uint8Array. #20505

Deprecated APIs

The following APIs are now deprecated:

  • Deprecated the nonfunctional visibleOnFullScreen option within BrowserWindow.setVisibleOnAllWorkspaces prior to its removal in the next major release version. #21732
  • Deprecated alternate-selected-control-text on systemPreferences.getColor(color) for macOS. #20611
  • Deprecated setLayoutZoomLevelLimits on webContents, webFrame, and <webview> Tag because Chromium removed this capability. #21296
  • The default value of false for app.allowRendererProcessReuse is now deprecated. #21287
  • Deprecated <webview>.getWebContents() as it depends on the remote module. #20726

Fin du support pour 5.x.y

Electron 5.x.y a atteint la fin du support conformément au projet politique d'assistance. Developers and applications are encouraged to upgrade to a newer version of Electron.

Programme de feedback

We continue to use our App Feedback Program for testing. Projects who participate in this program test Electron betas on their apps; and in return, the new bugs they find are prioritized for the stable release. If you'd like to participate or learn more, check out our blog post about the program.

What's Next

In the short term, you can expect the team to continue to focus on keeping up with the development of the major components that make up Electron, including Chromium, Node, and V8. Although we are careful not to make promises about release dates, our plan is release new major versions of Electron with new versions of those components approximately quarterly. Le planning escompté de la version 9.0.0 planning défini les dates clés du cycle de vie de développement d'Electron 9. Also, see our versioning document for more detailed information about versioning in Electron.

For information on planned breaking changes in upcoming versions of Electron, see our Planned Breaking Changes doc.

Deprecation of remote Module (Starting in Electron 9)

Due to serious security liabilities, we are beginning plans to deprecate the remote module starting in Electron 9. You can read and follow this issue that details our reasons for this and includes a proposed timeline for deprecation.

· 2 mins à lire

At Node+JS Interactive in Montreal, the OpenJS Foundation announced that it accepted Electron into the Foundation's incubation program. The Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large.

The OpenJS Foundation is host to a number of open source JavaScript projects including jQuery, Node.js, and webpack. It's supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, and Microsoft. Electron is an open–source framework for building cross-platform desktop applications with web technologies.

This is an exciting move for Electron, and we see it as a next step in our evolution as an open-source project.


What this means for developers

Electron joining the OpenJS Foundation does not change how Electron is made, released, or used — and does not directly affect developers building applications with Electron. Even though Electron was originally created at GitHub in 2013, it is currently maintained by a number of organizations and individuals. In 2019, Electron codified its governance structure and invested heavily into formalizing how decisions affecting the entire project are made. We believe that having multiple organizations and developers investing in and collaborating on Electron makes the project stronger.

Lifting Electron up from being owned by a single corporate entity and moving it into a neutral foundation focused on supporting the web and JavaScript ecosystem is a natural next step as we mature as an open-source project.

Learning more

You can read up on the foundation, its mission, and its members on the OpenJSF website. For more information and quotes about the acceptance of Electron into the OpenJSF incubation program, check out the official press release. To learn more about the humans behind Electron and how they work together, take a look at our Governance page.

To get started with Electron itself, take a peek at our documentation.

· 2 mins à lire

A High severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.

This vulnerability has been assigned CVE-2019-13720. Vous pouvez en lire d'avantage à ce sujet dans ce billet du Chrome Blog .

Please note that Chrome has reports of this vulnerability being used in the wild so it is strongly recommended you upgrade Electron as soon as possible.


Scope

This affects any Electron application that may run third-party or untrusted JavaScript.

Atténuation

Affected apps should upgrade to a patched version of Electron.

We've published new versions of Electron which include fixes for this vulnerability:

Electron 7.0.1 automatically included the fix from upstream, before the announcement was made. Electron 8 n'est pas non plus affecté. La vulnérabilité n'existait pas dans Electron 5, cette version n'est donc pas affectée.

Informations complémentaires 

This vulnerability was discovered by Anton Ivanov and Alexey Kulaev at Kaspersky Labs and reported to the Chrome team. Le billet du blog Chrome peut être trouvé ici.

Pour en savoir plus sur les meilleures pratiques pour sécuriser vos applications Electron, consultez notre tutoriel de sécurité.

Si vous souhaitez signaler une vulnérabilité dans Electron, envoyez un e-mail à security@electronjs.org.