Security update for CVE-2022-23303, CVE-2022-23304 Update to version 2.10, which upstream maintainer advises for these CVEs.
**Version 3.3.8** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
Update to 2.4.4, fixes CVE-2022-23990.
Update to 2.34.5: * Improve VP8 codec selection when using GStreamer 1.20. * Fix connecting to the accessibility bus when using the Bubblewrap sandbox. * Fix links being incorrectly activated when starting a pinch zoom gesture. * Fix touch-based scrolling. * Fix several crashes and rendering issues. * Security fixes: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592