search

qbittorrent / qBittorrent

qBittorrent BitTorrent client
https://www.qbittorrent.org
Other
28.48k stars 3.99k forks source link

Backport PR 21364 into 4.6.x #21781

Closed nazar-pc closed 1 week ago

nazar-pc commented 2 weeks ago

https://github.com/qbittorrent/qBittorrent/pull/21364

Can we get this backported to v4.6.x branch given its security nature? Due to v5.0 requirements for Qt, new versions are not available in Ubuntu 24.04 (https://github.com/qbittorrent/qBittorrent/issues/21608#issuecomment-2448416657). I believe because of this, it warrants having security release for older branch. Leaving 24.04 out of support feels kinda cheap consider this is current LTS and released just few months ago.

Originally posted by @proton-ab in https://github.com/qbittorrent/qBittorrent/issues/21364#issuecomment-2452090051

stalkerok commented 2 weeks ago

No. IMO, Sharp Security's dirty PR at the expense of exaggerating a non-existent issue. Has nothing to do with security.

ArcticGems commented 2 weeks ago

No. IMO, Sharp Security's dirty PR at the expense of exaggerating a non-existent issue. Has nothing to do with security.

So Sharp Security's findings are wrong???

nazar-pc commented 2 weeks ago

This is not the right place to debate whether the issue is real or not. The issue is quite obviously real and significant, or else it wouldn't be fixed.

The only remaining question is whether maintainers will backport the fix for Ubuntu LTS and similar distros or not. I personally hope they do, hence the issue, but it is up to them of course.

stalkerok commented 2 weeks ago

So Sharp Security's findings are wrong???

The findings are very much exaggerated to make a name for themselves.

The issue is quite obviously real and significant, or else it wouldn't be fixed.

It's not significant. You want security? Don't use the internet and don't download anything via torrent.

xavier2k6 commented 2 weeks ago

@sledgehammer999 Please contribute when free.