Bump CefSharp.Common from 79.1.360 to 85.3.130 #1466

New Issue

MrUnknownDE · 2026-04-05T17:49:47+02:00

MrUnknownDE commented

2026-04-05 17:49:47 +02:00

Originally created by @dependabot[bot] on 10/27/2020

Bumps CefSharp.Common from 79.1.360 to 85.3.130.

Release notes

Sourced from CefSharp.Common's releases.

v85.3.130

October 25, 2020, CEF 85.3.13+gcd6cbe0+chromium-85.0.4183.121 / Chromium 85.0.4183.121

CEF now supports the Chromium Network Service: If you are upgrading from a version prior to 75.1.x please make sure you read cefsharp/CefSharp#2743.

Visual C++ 2015 or greater is required, see Notes below for more information

⚠️ Critical Security Update

See Heap overflow in the freetype library (CVE-2020-15999) for details.

Change Log

Includes updated Chromium Embedded Framework(CEF) version for CVE-2020-15999 Heap overflow in the freetype library.

For a complete list of changes see the 85.3.x Milestone.

ℹ️ Notes

CefSharp requires a minimum of Visual C++ 2015. See cefsharp/CefSharp#1983 for details. You can bin deploy the VC++ dependencies, read the FAQ for more details. VC++ 2017/2019 are backwards compatible. For a list of files included in the packages see https://github.com/cefsharp/CefSharp/wiki/Output-files-description-table-%28Redistribution%29

Chromium has removed support for Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. See https://chrome.googleblog.com/2015/11/updates-to-chrome-platform-support.html

Starting in June 2019 Google will block logins from CEF based browsers to Google Services, this includes Gmail, Drive, Docs, see https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html?m=1 for further discussion see https://groups.google.com/a/chromium.org/d/msg/embedder-dev/STyM5ZNTHMM/POj1v_cqBgAJ

Due to licensing issues default builds do not support proprietary codecs like H264/AAC, sites like Netflix/Twitter/Instagram/Facebook won't play video/audio. See #1479 for more info. MP3 audio is supported, MP4 video is not.

Anyone new to CefSharp should read the General Usage Guide

This project uses GitLink for better debugging, you can step directly into much of the project source directly from Visual Studio see #1680 for details on how to enable GitLink

WPF now has touch support which is enabled by default. Support for Stylus is not enabled by default, see cefsharp/CefSharp#228 for further details

⚠️ Known Issues

WPF there is some visible tearing/glitches on resize, GPU Compositing has been disabled by default as a workaround #3114

WinForms when running on Windows 10 Anniversary pressing certain key combinations freezes the browser see #1822 The issue has been reported upstream, there are workarounds listed in #1822

Save as PDF is not working when viewing PDF with Print Preview enabled see https://bitbucket.org/chromiumembedded/cef/issues/2867/save-as-pdf-is-not-working-in-pdf-viewer

WPF touch scroll aborted if browser navigates within document https://bitbucket.org/chromiumembedded/cef/issues/2936/osr-touch-scrolling-initiated-by-touch

Fonts incorrectly loaded on Win7 see https://bitbucket.org/chromiumembedded/cef/issues/2858/fonts-not-loading-look-wrong-on-windows-7

window.focus() does not bring popup window to front see https://bitbucket.org/chromiumembedded/cef/issues/2931/windowfocus-does-not-bring-the-window-to

OnProtocolExecution Page goes blank after link click see https://bitbucket.org/chromiumembedded/cef/issues/2715/onprotocolexecution-page-goes-blank-after

Crash on Win10 when computer wakes from sleep see https://bitbucket.org/chromiumembedded/cef/issues/2924/crash-on-libcef-when-windows-10-wakes-from

Background colour cannot be override for popups see https://bitbucket.org/chromiumembedded/cef/issues/2482/background_color-cannot-be-overridden-for

WPF Browser goes blank if used in combination with TabControl see #2779

CefSettings.IgnoreCertificateErrors no longer works, use the ignore-certificate-errors command line arg as a workaround or alternatively use OnCertificateError to selectively allow a certificate and/or display a dialog to your users see https://stackoverflow.com/a/35564187/852806 for an example.

See https://bitbucket.org/chromiumembedded/cef/issues?status=new&status=open for other known issues

See https://github.com/cefsharp/CefSharp/issues?q=is%3Aissue+is%3Aopen+label%3Aknown-issue for other known issues

⚠️ Breaking Changes ⚠️

CefSettings.RegisterExtension method has been removed see cefsharp/CefSharp#3184

DefaultRequestHandler class has been removed, use RequestHandler instead, see cefsharp/CefSharp#3124

Javascript Binding Naming is now configurable, BindingOptions.CamelCaseJavascriptNames has been removed see cefsharp/CefSharp#3141 for an updated usage example.

For Network Service API changes see cefsharp/CefSharp#2743

All paths (CachePath, BrowserSubProcessPath, etc) must be absolute paths, if using a non-absolute path an exception will be throw. See #3102 for details.

When using a RequestContext you must ensure that RequestContextSettings.CachePath is equal to or a child of CefSettings.RootCachePath See cefsharp/CefSharp#3111 for details

Adobe Flash is disabled by default, it can be re-enabled if required #3048 (Flash support is scheduled to be removed from Chromium)

... (truncated)

Commits

e8d0a17 Upgrade to 85.3.13+gcd6cbe0+chromium-85.0.4183.121 / Chromium 85.0.4183.121
c530e9e Xml Doc - Fix param reference
11a2635 Update version number to 85.3.121
5e9a41b Xml Doc - Minor improvements
aa8e8b3 Core - HtmlString charSet was never assigned
84e0415 Core - JavascriptCallbackProxy::ExecuteWithTimeoutAsync return failure task
dadb4fa Test - Add CanEvaluateScriptAsPromiseAsyncReturnObject
fe4c0b6 Test - Add expiry to DevToolsClientFacts.CanSetCookieForDomain test
cd1a239 Core - Improve DevTools Client xml doc
c9c624c Core - Add Cookie.SameSite and Cookie.Priority
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

*Originally created by @dependabot[bot] on 10/27/2020* Bumps [CefSharp.Common](https://github.com/cefsharp/CefSharp) from 79.1.360 to 85.3.130. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cefsharp/CefSharp/releases">CefSharp.Common's releases</a>.</em></p> <blockquote> <h2>v85.3.130</h2> <h4>October 25, 2020, CEF 85.3.13+gcd6cbe0+chromium-85.0.4183.121 / Chromium 85.0.4183.121</h4> <blockquote> <ul> <li>CEF now supports the <strong>Chromium Network Service</strong>: If you are upgrading from a version prior to <code>75.1.x</code> please make sure you read <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/2743">cefsharp/CefSharp#2743</a>.</li> <li><strong>Visual C++ 2015</strong> or greater is required, see <code>Notes</code> below for more information</li> </ul> </blockquote> <h3>⚠️ Critical Security Update</h3> <p>See <a href="https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62">Heap overflow in the freetype library (CVE-2020-15999)</a> for details.</p> <h4>Change Log</h4> <ul> <li>Includes updated <code>Chromium Embedded Framework(CEF)</code> version for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999">CVE-2020-15999</a> Heap overflow in the freetype library.</li> </ul> <p>For a complete list of changes see the <a href="https://github.com/cefsharp/CefSharp/issues?q=milestone%3A85.3.x+">85.3.x Milestone</a>.</p> <h4>ℹ️ Notes</h4> <ul> <li><code>CefSharp</code> requires a minimum of <code>Visual C++ 2015</code>. See <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/1983">cefsharp/CefSharp#1983</a> for details. You can bin deploy the <code>VC++</code> dependencies, read the <code>FAQ</code> for more details. <code>VC++ 2017/2019</code> are backwards compatible. For a list of files included in the packages see <a href="https://github.com/cefsharp/CefSharp/wiki/Output-files-description-table-%28Redistribution%29">https://github.com/cefsharp/CefSharp/wiki/Output-files-description-table-%28Redistribution%29</a></li> <li><code>Chromium</code> has removed support for <code>Windows XP</code>, <code>Windows Vista</code>, <code>Windows Server 2003</code> and <code>Windows Server 2008</code>. See <a href="https://chrome.googleblog.com/2015/11/updates-to-chrome-platform-support.html">https://chrome.googleblog.com/2015/11/updates-to-chrome-platform-support.html</a></li> <li>Starting in June 2019 Google will block logins from CEF based browsers to Google Services, this includes Gmail, Drive, Docs, see <a href="https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html?m=1">https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html?m=1</a> for further discussion see <a href="https://groups.google.com/a/chromium.org/d/msg/embedder-dev/STyM5ZNTHMM/POj1v_cqBgAJ">https://groups.google.com/a/chromium.org/d/msg/embedder-dev/STyM5ZNTHMM/POj1v_cqBgAJ</a></li> <li>Due to licensing issues default builds do not support proprietary codecs like <code>H264/AAC</code>, sites like <code>Netflix/Twitter/Instagram/Facebook</code> won't play video/audio. See <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/1479">#1479</a> for more info. <code>MP3</code> audio is supported, <code>MP4</code> video is not.</li> <li>Anyone new to <code>CefSharp</code> should read the <a href="https://github.com/cefsharp/CefSharp/wiki/General-Usage">General Usage Guide</a></li> <li>This project uses <code>GitLink</code> for better debugging, you can step directly into much of the project source directly from <code>Visual Studio</code> see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/1680">#1680</a> for details on how to enable <code>GitLink</code></li> <li><code>WPF</code> now has touch support which is enabled by default. Support for Stylus is not enabled by default, see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/228#issuecomment-489065987">cefsharp/CefSharp#228</a> for further details</li> </ul> <h4>⚠️ Known Issues</h4> <ul> <li><code>WPF</code> there is some visible tearing/glitches on resize, <code>GPU Compositing</code> has been disabled by default as a workaround <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/3114">#3114</a></li> <li><code>WinForms</code> when running on <code>Windows 10 Anniversary</code> pressing certain key combinations freezes the browser see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/1822">#1822</a> The issue has been reported <code>upstream</code>, there are workarounds listed in <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/1822">#1822</a></li> <li><code>Save as PDF</code> is not working when viewing PDF with Print Preview enabled see <a href="https://bitbucket.org/chromiumembedded/cef/issues/2867/save-as-pdf-is-not-working-in-pdf-viewer">https://bitbucket.org/chromiumembedded/cef/issues/2867/save-as-pdf-is-not-working-in-pdf-viewer</a></li> <li><code>WPF</code> touch scroll aborted if browser navigates within document <a href="https://bitbucket.org/chromiumembedded/cef/issues/2936/osr-touch-scrolling-initiated-by-touch">https://bitbucket.org/chromiumembedded/cef/issues/2936/osr-touch-scrolling-initiated-by-touch</a></li> <li><code>Fonts</code> incorrectly loaded on <code>Win7</code> see <a href="https://bitbucket.org/chromiumembedded/cef/issues/2858/fonts-not-loading-look-wrong-on-windows-7">https://bitbucket.org/chromiumembedded/cef/issues/2858/fonts-not-loading-look-wrong-on-windows-7</a></li> <li><code>window.focus()</code> does not bring popup window to front see <a href="https://bitbucket.org/chromiumembedded/cef/issues/2931/windowfocus-does-not-bring-the-window-to">https://bitbucket.org/chromiumembedded/cef/issues/2931/windowfocus-does-not-bring-the-window-to</a></li> <li>OnProtocolExecution Page goes blank after link click see <a href="https://bitbucket.org/chromiumembedded/cef/issues/2715/onprotocolexecution-page-goes-blank-after">https://bitbucket.org/chromiumembedded/cef/issues/2715/onprotocolexecution-page-goes-blank-after</a></li> <li>Crash on Win10 when computer wakes from sleep see <a href="https://bitbucket.org/chromiumembedded/cef/issues/2924/crash-on-libcef-when-windows-10-wakes-from">https://bitbucket.org/chromiumembedded/cef/issues/2924/crash-on-libcef-when-windows-10-wakes-from</a></li> <li>Background colour cannot be override for popups see <a href="https://bitbucket.org/chromiumembedded/cef/issues/2482/background_color-cannot-be-overridden-for">https://bitbucket.org/chromiumembedded/cef/issues/2482/background_color-cannot-be-overridden-for</a></li> <li>WPF Browser goes blank if used in combination with TabControl see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/2779">#2779</a></li> <li><code>CefSettings.IgnoreCertificateErrors</code> no longer works, use the <code>ignore-certificate-errors</code> command line arg as a workaround or alternatively use <code>OnCertificateError</code> to selectively allow a certificate and/or display a dialog to your users see <a href="https://stackoverflow.com/a/35564187/852806">https://stackoverflow.com/a/35564187/852806</a> for an example.</li> <li>See <a href="https://bitbucket.org/chromiumembedded/cef/issues?status=new&status=open">https://bitbucket.org/chromiumembedded/cef/issues?status=new&status=open</a> for other known issues</li> <li>See <a href="https://github.com/cefsharp/CefSharp/issues?q=is%3Aissue+is%3Aopen+label%3Aknown-issue">https://github.com/cefsharp/CefSharp/issues?q=is%3Aissue+is%3Aopen+label%3Aknown-issue</a> for other known issues</li> </ul> <h4>⚠️ Breaking Changes ⚠️</h4> <ul> <li> <p><code>CefSettings.RegisterExtension</code> method has been removed see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/3184">cefsharp/CefSharp#3184</a></p> </li> <li> <p><code>DefaultRequestHandler</code> class has been removed, use <code>RequestHandler</code> instead, see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/3124">cefsharp/CefSharp#3124</a></p> </li> <li> <p>Javascript Binding Naming is now configurable, <code>BindingOptions.CamelCaseJavascriptNames</code> has been removed see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/pull/3141#issuecomment-664261216">cefsharp/CefSharp#3141</a> for an updated usage example.</p> </li> <li> <p>For <code>Network Service API</code> changes see <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/2743">cefsharp/CefSharp#2743</a></p> </li> <li> <p>All paths (CachePath, BrowserSubProcessPath, etc) <strong>must</strong> be absolute paths, if using a non-absolute path an exception will be throw. See <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/3102">#3102</a> for details.</p> </li> <li> <p>When using a <code>RequestContext</code> you <strong>must</strong> ensure that RequestContextSettings.CachePath is equal to or a child of CefSettings.RootCachePath See <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/3111#issuecomment-629713608">cefsharp/CefSharp#3111</a> for details</p> </li> <li> <p><code>Adobe Flash</code> is disabled by default, it can be re-enabled if required <a href="https://github-redirect.dependabot.com/cefsharp/CefSharp/issues/3048">#3048</a> (Flash support is scheduled to be removed from Chromium)</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cefsharp/CefSharp/commit/e8d0a176212108e1b23125cc756eb39f03020367"><code>e8d0a17</code></a> Upgrade to 85.3.13+gcd6cbe0+chromium-85.0.4183.121 / Chromium 85.0.4183.121</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/c530e9ed3655a742fd8b4dad09ccade8fa156156"><code>c530e9e</code></a> Xml Doc - Fix param reference</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/11a2635d61fd17861d4b8f3d708c791ca9ce7469"><code>11a2635</code></a> Update version number to 85.3.121</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/5e9a41b256ed0334834bae403cf54bf8a3659bb3"><code>5e9a41b</code></a> Xml Doc - Minor improvements</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/aa8e8b3208bb6a5d1658d1cc8670b13cd83bf26f"><code>aa8e8b3</code></a> Core - HtmlString charSet was never assigned</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/84e041537642dea4a6be75aa8e1aaf24ed4678af"><code>84e0415</code></a> Core - JavascriptCallbackProxy::ExecuteWithTimeoutAsync return failure task</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/dadb4fa707a6bc689b3d8f45a2bfd681f090cf91"><code>dadb4fa</code></a> Test - Add CanEvaluateScriptAsPromiseAsyncReturnObject</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/fe4c0b66a28564e1803863ce15d9610f7d9c080d"><code>fe4c0b6</code></a> Test - Add expiry to DevToolsClientFacts.CanSetCookieForDomain test</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/cd1a239b96316d35d209db0d3f20d4ef9bcd1e86"><code>cd1a239</code></a> Core - Improve DevTools Client xml doc</li> <li><a href="https://github.com/cefsharp/CefSharp/commit/c9c624c000ffc6bdcfa47645b882b35e801f254c"><code>c9c624c</code></a> Core - Add Cookie.SameSite and Cookie.Priority</li> <li>Additional commits viewable in <a href="https://github.com/cefsharp/CefSharp/compare/v79.1.360...v85.3.130">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=CefSharp.Common&package-manager=nuget&previous-version=79.1.360&new-version=85.3.130)](https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pypy-vrc/VRCX/network/alerts). </details>

MrUnknownDE closed this issue

2026-04-05 17:49:47 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/VRCX#1466