v38.8.6
📦 electron
Summary
This patch release, v38.8.6, includes several bug fixes covering protocol name validation, serialization of instance-lock data on Windows, header value validation, and subframe origin handling for permission requests. Note that Electron 38.x.y is now end-of-support.
Migration Steps
- If you rely on protocol names that do not conform to RFC 3986, update your protocol names.
- If you pass large or complex data via `additionalData` in `app.requestSingleInstanceLock` on Windows, ensure the data is serializable and within limits; this release fixes the truncation and deserialization issues.
- Ensure custom protocol or webRequest response header values only contain valid characters according to specifications.
🐛 Bug Fixes
- Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar.
- Fixed an issue where `additionalData` passed to `app.requestSingleInstanceLock` on Windows could be truncated or fail to deserialize in the primary instance's `second-instance` event.
- Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected.
- Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin.
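
The protocol-name and header-value checks named in the migration steps and fixes above can be run over an app's own values before upgrading. This is an added example, not code from Electron or from this page: `checkProtocolName`, `checkHeaders`, `auditApp` and the sample values are hypothetical, and the header check assumes only the CR/LF/NUL minimum from RFC 9110, because the page does not list the characters Electron rejects.

```javascript
// Added example (not Electron's code): pre-upgrade audit of protocol names
// and response header values. All sample values below are constructed.

// RFC 3986 section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
const RFC3986_SCHEME = /^[A-Za-z][A-Za-z0-9+.-]*$/;

// Assumption: the release notes do not say which characters are rejected.
// RFC 9110 section 5.5 treats values containing CR, LF or NUL as invalid.
const FORBIDDEN_IN_HEADER_VALUE = /[\r\n\0]/;

function checkProtocolName(name) {
  if (typeof name !== 'string' || name.length === 0) return 'empty or not a string';
  if (name.includes(':')) return 'contains ":" (pass the bare scheme, without "://")';
  if (!/^[A-Za-z]/.test(name)) return 'must start with a letter';
  if (!RFC3986_SCHEME.test(name)) return 'character outside ALPHA / DIGIT / "+" / "-" / "."';
  return null; // conforms to the scheme grammar
}

function checkHeaders(headers) {
  const problems = [];
  for (const [header, raw] of Object.entries(headers)) {
    // webRequest responseHeaders map names to string arrays; accept bare strings too
    const values = Array.isArray(raw) ? raw : [raw];
    values.forEach((value, index) => {
      const m = FORBIDDEN_IN_HEADER_VALUE.exec(String(value));
      if (!m) return;
      const code = m[0].charCodeAt(0).toString(16).padStart(2, '0');
      problems.push({ header, index, reason: `control character 0x${code} at offset ${m.index}` });
    });
  }
  return problems;
}

function auditApp({ protocols = [], responseHeaders = {} }) {
  const findings = [];
  for (const value of protocols) {
    const reason = checkProtocolName(value);
    if (reason) findings.push({ kind: 'protocol', value, reason });
  }
  for (const p of checkHeaders(responseHeaders)) findings.push({ kind: 'header', ...p });
  return findings;
}

const SAMPLE = {
  protocols: ['myapp', 'my_app', '1app', 'web+notes'],
  responseHeaders: { 'Content-Type': ['text/html'], 'X-Trace': ['a\r\nb'] },
};
console.log(auditApp(SAMPLE));
```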