WPEwebkit.org

WPE WebKit 2.50.6 released

2026-03-12T00:00:00Z

This is a bug fix release in the stable 2.50 series.

What’s new in WPE WebKit 2.50.6?

Fix sample code included in the documentation of the webkit_user_content_manager_register_script_message_handler() function.
Fix MP4 muxing when using GStreamer 1.28.
Fix WebAudio not resuming correctly after using window.alert().
Fix WebAudio producing incorrect output in some cases due to incorrect sample buffer management.
Fix touch events not being promoted to axis (scroll) events when a certain threshold is reached.
Fix potential undesired jumps when finishing a drag-scroll touch gesture when using WPEPlatform.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.50.6.tar.xz (41.3 MiB)
   md5sum: 6875478c3406d02b9e02bb63a98b646a
   sha1sum: b948db18364f492096fb2010a6189f7824bbcb47
   sha256sum: 8864fd3f6116370d75425f9b1efa48eb188ccf42c92ae9e8aaf2dd51f9f27def

WPE WebKit 2.51.93 released

2026-03-06T00:00:00Z

This is a development release leading towards the 2.52 series.

What’s new in WPE WebKit 2.51.93?

Make text look like in other browsers by blending in linear color space.
Avoid composition for non visible layers with running animations.
Disable spawning the GStreamer registry scanner on Android.
Fix EGL display initialization on Android.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.51.93.tar.xz (61.8 MiB)
   md5sum: cadc702f31b19486bbd188759cabecc4
   sha1sum: 97315d46159da9ba9add0656d1aff872f1a47c93
   sha256sum: 1916e4605281faf2b241d8053b06c3678bc1ac234fc0fe543f3a0e729aecfa61

WPE WebKit 2.51.92 released

2026-02-27T00:00:00Z

This is a development release leading towards the 2.52 series.

What’s new in WPE WebKit 2.51.92?

Fix PDF rendering broken by the accelerated 2D canvas performance improvements.
Fix flickering while scrolling in some edge cases.
Support for rotation and mirroring in internal WebCodecs encoder.
System fallback font selection no longer takes style into account.
Fix page scrolling at faster speed when scrolling with more than one touch point in effect when using WPEPlatform.
Fix gamepad input by properly checking the active state for toplevels when using WPEPlatform.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.51.92.tar.xz (61.5 MiB)
   md5sum: 7d9fa2235932617f093516eea3557881
   sha1sum: 063255d55acf4d293815e33f8081113624b0310d
   sha256sum: e8a08dc219311c34845db527b49e52368f351546081b910e1d900aa081ba3f60

WPE WebKit 2.50.5 released

2026-02-09T00:00:00Z

This is a bug fix release in the stable 2.50 series.

What’s new in WPE WebKit 2.50.5?

Fix checking whether a view is active on gamepad input when using WPEPlatform.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.50.5.tar.xz (41.3 MiB)
   md5sum: 1d81485379005cca0236a278706f194f
   sha1sum: dd56b76eff8ba157a0291c0b61220666eed59313
   sha256sum: de4bfd20bfc921cdfc77e839ee4da84e2674bcb58b2f916172978d62fa115fc2

WPE WebKit 2.51.91 released

2026-02-06T00:00:00Z

This is a development release leading towards the 2.52 series.

What’s new in WPE WebKit 2.51.91?

Disable GPU process by default.
Improve asynchronous scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
Fix the build with old versions of libdrm.
Fix the build on i386.
Fix the build on Android.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.51.91.tar.xz (61.4 MiB)
   md5sum: 476f9dc1be8dead058860398da177489
   sha1sum: 90f96de36dccc5de450b4ee1309967c104fabee3
   sha256sum: aeed90b2463c4090d6e59cf56d55d5e7d596bcec6f1e95bebdc452a03920015a

WPE WebKit 2.51.90 released

2026-01-23T00:00:00Z

This is a development release leading towards the 2.52 series.

What’s new in WPE WebKit 2.51.90?

Improve performance of accelerated 2D canvas by recording operations for batched replay.
Remove the WPE Qt5 API binding. The Qt6 API is still available.
Add support to optinally use the WOFF2 support from FreeType. When enabled, the libwoff2 library is not needed.
Add support for damage propagation in non-composited mode.
Add webkit_context_menu_get_position() and webkit_context_menu_item_get_title().
Add hyphenation support through libhyphen. The feature may be toggled at build time via the USE_LIBHYPHEN CMake option.
Add WPEPlatform API to notify of graphics buffers configuration changes for a WPEView.
Add WPEPlatform API to create toplevels using wpe_display_create_toplevel().
When using WPEPlatform, rendering of web views is now paused while they are detached from a WPEToplevel.
Change context menu behaviour to match the GTK port more closely.
Change WPEScreenSyncObserver to support multiple callbacks.
Fix handling of touch scrolling in builds configured with ENABLE_WPE_LEGACY_API=OFF.
Fix introspection annotations in wpe_buffer_formats_builder_end() to properly indicate ownership of the passed WPEBufferFormatsBuilder reference.
Fix web process translatable strings to follow system locale.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.51.90.tar.xz (61.4 MiB)
   md5sum: ce7702504f1b5d7e3b6d019ffcf3d146
   sha1sum: 5716636f682d7d7b9381b4beb0f6197637e70b96
   sha256sum: bb0e158ad26cdd2e80794435df4d3b30fd5ee2241ab2cfc9c184c3dd1966f0b7

WPE WebKit 2.51.4 released

2025-12-19T00:00:00Z

This is a development release leading towards the 2.52 series.

What’s new in WPE WebKit 2.51.4?

Fix rendering of some PDFs due to issues in cross-thread transfer of accelerated bitmaps.
Fix a bug in compositor state causing that one frame could be sent to the UI process before the previous one is done.
Use timerfd_* when available to improve timer resolution.
Support using AHardwareBuffer as backing store for accelerated surfaces, which avoids copying graphics buffers shared among different processes when using WPEPlatform on Android.
Support non-composited page rendering, which may be beneficial on low-end embedded devices with weak GPUs, or without a GPU at all. This may be toggled at runtime by disabling the AcceleratedCompsiting feature flag.
Add the ENABLE_WPE_LEGACY_API CMake option, which allows disabling the libwpe-based API on builds that have the new WPEPlatform API enabled at build time.
Correctly handle the program name passed to the sleep disabler.
Change XKB context initialization to always succeed even if the default configuration directories are not present in the system.
Fix synthetic clicks for unhandled touch events being produced twice per event.
Fix the build with Clang 21.
Fix the build when support for Sysprof tracing is disabled.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.51.4.tar.xz (61.2 MiB)
   md5sum: 1c076185d8ce18b2abbd962fe8c22c2a
   sha1sum: c9779a1669c9ee6c6b3f9d3f1a0505222c178c27
   sha256sum: e83e6faa96d284b18f604727a4b658ef875250016a064bc691a5b320e6425c78

WebKitGTK and WPE WebKit Security Advisory WSA-2025-0010

2025-12-17T00:00:00Z

Date Reported: December 17, 2025
Advisory ID: WSA-2025-0010
CVE identifiers: CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531, CVE-2025-43535, CVE-2025-43536, CVE-2025-43541

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2025-14174
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Apple and Google Threat Analysis Group.
- Impact: Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-43529 was also issued in response to this report. Description: A memory corruption issue was addressed with improved validation.
- WebKit Bugzilla: 303614
CVE-2025-43501
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A buffer overflow issue was addressed with improved memory handling.
- WebKit Bugzilla: 301371
CVE-2025-43529
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Google Threat Analysis Group.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report. Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 302502
CVE-2025-43531
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Phil Pizlo of Epic Games.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A race condition was addressed with improved state handling.
- WebKit Bugzilla: 301940
CVE-2025-43535
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Google Big Sleep, Nan Wang (@eternalsakura13).
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 301338
CVE-2025-43536
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Nan Wang (@eternalsakura13).
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 301726
CVE-2025-43541
- Versions affected: WebKitGTK and WPE WebKit before 2.50.4.
- Credit to Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A type confusion issue was addressed with improved state handling.
- WebKit Bugzilla: 301257

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

WPE WebKit 2.50.4 released

2025-12-17T00:00:00Z

This is a bug fix release in the stable 2.50 series.

What’s new in WPE WebKit 2.50.4?

Correctly handle the program name passed to the sleep disabler.
Ensure GStreamer is initialized before applying quirks.
Fix usage of the cache API in nested workers.
Fix incorrect rendering of SVG path arc elements.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.50.4.tar.xz (41.3 MiB)
   md5sum: b6464338ca78bbc1a9d6b07ae280072f
   sha1sum: 28135d2a20f27c01177b13fb10489e2b1e4dde9f
   sha256sum: d204e405b0975508748c0273c18090304a979e1170ffa2a0a528fad90191ef87

WPE WebKit 2.51.3 released

2025-12-09T00:00:00Z

This is a development release leading towards the 2.52 series.

What’s new in WPE WebKit 2.51.3?

Add API to take image snapshots of web views, using webkit_web_view_get_snapshot() and webkit_web_view_get_snapshot_finish().
Add WPEPlatform API to obtain the contents of the clipboard, using wpe_clipboard_content_get_text() and wpe_clipboard_content_get_bytes().
Improve composition scheduling to avoid blocking waiting for tile painting.
Moved WebRTC network access to the NetworkProcess, when using GstWebRTC. This requires librice, and building with the CMake USE_LIBRICE option. When enabled, it is still possible to choose the older libnice-based implementation at runtime by setting the variable WEBKIT_GST_DISABLE_WEBRTC_NETWORK_SANDBOX=1 in the environment.
Add support the XR_ANDROID_raycast OpenXR extension for WebXR Hit Testing.
Add support to use super-tiled graphics buffers when running on Vivante GPUs. Currently setting WEBKIT_SKIA_USE_VIVANTE_SUPER_TILED_TILE_TEXTURES=1 in the environment is needed to opt-in into using those.
Ensure that GStreamer is properly initialized before applying any multimedia handling quirks.
Fix pointer event processing no longer working after a mouse right button press.
Fix PointerEvent behaviour for mouse events synthesized from touch inputs.
Fix seeking and looping of media elements that set the “loop” property.
Fix several crashes and rendering issues.

Checksums

wpewebkit-2.51.3.tar.xz (61.1 MiB)
   md5sum: 7af7dc1cb51a3ff09236cdac07bfe047
   sha1sum: 8ee59478963f1e89d9c9db623ff4399a820d2d76
   sha256sum: ab0d5f66e7de41e345aa82b93ed2f18de19063f95c7e427296ef86079ec5ba11