Tags: release.

Nyxt 3 Pre-release 2

Nyxt 3 Pre-release 2

This release was planned for later, but we've discovered a potential vulnerability in the way we treat internal pages. We consider it necessary to release a new version with a security patch. We urge everyone using Nyxt 3 pre-release 1 to update their installation to be safe.

The vulnerability is the following: we used to read-from-string Lisp code from the URL path of the pages currently open in all Nyxt buffers. Given that Lisp reader allows code evaluation by default, this could've caused arbitrary code execution in Nyxt. The scope of this vulnerability is quite restricted, though:

Artyom has pushed a fix restricting the URLs being parsed to strictly the internal ones, in commit eebf1f8d7, which is included in the Nyxt 3 pre-release 2.

Dangerous things aside, this pre-release still has lots of other bug fixes and new features added, making for a smooth usage experience and complete browser introspection.

Please feel free to share your feedback on our GitHub issue tracker!

You can download Nyxt 3 Pre-release 2 here.

Notable highlights:

Bug fixes


Did you enjoy this article? Register for our newsletter to receive the latest hacker news from the world of Lisp and browsers!