kaixxx / noScribe

Cutting edge AI technology for automated audio transcription. A nice GUI for OpenAI's Whisper and pyannote (speaker identification)
GNU General Public License v3.0
487 stars 101 forks

Security vulnerabilities in bundled ffmpeg binaries #108

Open kaixxx opened 16 hours ago

kaixxx commented 16 hours ago

Discussed in https://github.com/kaixxx/noScribe/discussions/106

Originally posted by **tidely** November 25, 2024

noScribe comes with 3 bundled ffmpeg binaries; to my understanding this is for the sake of not having any outside dependencies from the actual app bundle itself. However it seems the bundled ffmpeg binaries are not updated regularly and are currently on version 6.0. There have been multiple [security vulnerabilities](https://www.ffmpeg.org/security.html) since this release. In my opinion the ffmpeg should be provided by the system and not bundled with the app, since every time ffmpeg gets an update, you would need to repackage the app and update it for all users. ffmpeg is very popular and gets updated automatically on linux and macos (apt and brew). At the very least I'd encourage downloading the newest ffmpeg binaries and updating the app bundle.

Bundled ffmpeg
- No external dependency
- 240mb larger repository size
- Need to rebuild and distribute update every time ffmpeg updates

System ffmpeg
- External dependency
- Takes no space in the repository
- ffmpeg gets updated by the system

TLDR: currently used old ffmpeg has [security vulnerabilities](https://www.ffmpeg.org/security.html)
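The trade-off above (bundled binary that goes stale vs. system binary that the package manager keeps current) can be made measurable from inside a Python app: resolve which ffmpeg would actually run, read its `-version` banner, and flag it when the release is below a threshold. The following is an added example written for this thread, not code from noScribe; `MINIMUM_VERSION` is a constructed threshold, the `ffmpeg_bin` directory layout is hypothetical (the issue mentions three bundled binaries but not where they live), and the sample banners are constructed, not captured from the noScribe bundle.

```python
"""Resolve the ffmpeg a Python app would run and flag a stale release."""
import re
import shutil
import subprocess
from pathlib import Path
from typing import Optional, Tuple, Union

# Constructed threshold for illustration only. The thread says the bundled
# build is 6.0 and outdated; it does not name a minimum acceptable version.
MINIMUM_VERSION: Tuple[int, ...] = (7, 0)

# First banner line looks like "ffmpeg version 6.0 Copyright ...",
# "ffmpeg version n7.1-3-g... " (BtbN builds) or "ffmpeg version 6.1.1-3ubuntu5 ...".
# Git snapshots ("ffmpeg version N-117706-g...") carry no release number.
_VERSION_RE = re.compile(r"^ffmpeg version\s+n?(\d+(?:\.\d+)*)", re.MULTILINE)


def parse_ffmpeg_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the numeric release from an `ffmpeg -version` banner, or None
    when the build is a git snapshot that has to be reviewed by hand."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_outdated(version: Optional[Tuple[int, ...]],
                minimum: Tuple[int, ...] = MINIMUM_VERSION) -> bool:
    """Unknown versions count as outdated so they are looked at, not ignored.
    Caveat: distro packages backport security fixes without bumping the
    release number, so a hit here is a prompt to check the package changelog,
    not proof that the binary is vulnerable."""
    return version is None or version < minimum


def resolve_ffmpeg(bundled_dir: Union[str, Path],
                   prefer_system: bool = True) -> Optional[Path]:
    """Prefer the package-manager ffmpeg on PATH (kept current by apt/brew),
    then fall back to a binary in the hypothetical bundled directory."""
    bundled_dir = Path(bundled_dir)
    if prefer_system:
        system = shutil.which("ffmpeg")
        if system:
            return Path(system)
    for name in ("ffmpeg", "ffmpeg.exe"):
        candidate = bundled_dir / name
        if candidate.is_file():
            return candidate
    return None


def probe_version(binary: Path) -> Optional[Tuple[int, ...]]:
    """Run the binary and parse its banner; None if it cannot run or parse."""
    try:
        out = subprocess.run([str(binary), "-version"], capture_output=True,
                             text=True, timeout=10, check=False)
    except (OSError, subprocess.SubprocessError):
        return None
    return parse_ffmpeg_version(out.stdout)


if __name__ == "__main__":
    # Constructed banners covering the build styles a packager will meet.
    samples = {
        "bundled release": "ffmpeg version 6.0 Copyright (c) 2000-2023 the FFmpeg developers",
        "brew release": "ffmpeg version 7.1 Copyright (c) 2000-2024 the FFmpeg developers",
        "distro backport": "ffmpeg version 6.1.1-3ubuntu5 Copyright (c) 2000-2023 the FFmpeg developers",
        "git snapshot": "ffmpeg version N-117706-g7d2c1a2 Copyright (c) 2000-2024 the FFmpeg developers",
    }
    for label, banner in samples.items():
        version = parse_ffmpeg_version(banner)
        print(f"{label:16} version={version} outdated={is_outdated(version)}")

    chosen = resolve_ffmpeg(Path("ffmpeg_bin"))  # hypothetical bundled directory
    print("would run:", chosen, "version:", probe_version(chosen) if chosen else None)
```

Running this at start-up (or in CI against the packaged bundle) turns "the bundled ffmpeg is old" from something a user notices into a check the release process fails on; with `prefer_system=True` the app picks up the apt/brew copy where one exists and only falls back to its own binary otherwise.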
kaixxx commented 16 hours ago

@tidely: Thanks for bringing this up. I've turned this into an issue as a reminder for myself. I will try to find a solution for the next release. Having no external dependencies is still something I would like to keep. But we should bundle the latest binary of ffmpeg and only one, if possible.

gernophil commented 11 hours ago

Do we really bundle all binaries for every OS?