Electron Releases

Fixes

• Ensured cross-origin fetch() and XHR are blocked for custom protocols registered with supportFetchAPI: true unless corsEnabled: true is also set; cross-origin mode: 'no-cors' requests now receive an opaque response. #51271 ^{(Also in 39, 41, 42)}

• Fixed webContents.printToPDF rejecting on all subsequent calls after a prior call was rejected with an invalid pageRanges value. #51220 ^{(Also in 41, 42)}

• Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback. #51364 ^{(Also in 41, 42)}

• Fixed a crash that could occur when an autofill suggestion popup was shown while a window was closing. #51334 ^{(Also in 41, 42)}

• Fixed an issue where app-region: drag inside a hidden WebContentsView would still drag the parent window on Windows. #51247 ^{(Also in 41, 42)}

• Fixed an issue where an Electron macOS update would not be applied if another app was previously blocking the macOS system update loop. #51211 ^{(Also in 41, 42)}

• Fixed buggy behavior where Backspace would accept macOS text replacements inside contenteditable elements. #51345 ^{(Also in 41, 42)}

Other Changes

• Backported a fix for route_id validation in the GPU command buffer. #51320

• Backported security fixes for 493319454, 494158331, 493234757, 492736100, 493413432, 492668885, 496281816. #51258

• Backported several fixes in Skia, ANGLE, and WebRTC from upstream. #51265