Edrw Patch V1.2

The v1.2 patch is a cumulative update. It incorporates all previous fixes from version 1.1 and adds several high-priority improvements. It is primarily used to bridge the gap between older file formats and modern hardware acceleration, ensuring that users experience fewer crashes and faster rendering speeds.

Key Improvements in v1.2

We recommend that all EDrawings users install the EDRW Patch v1.2 to take advantage of the improved performance, compatibility, and security features.

EDRW Patch v1.2

| CVE ID | Severity | Affected Component | Description | Fixed in v1.2 |
|--------|----------|--------------------|-------------|----------------|
| CVE-2026-40812 | Critical | Handshake v1 (pre-1.1) | Predictable nonce allows session replay | ✅ Forced upgrade |
| CVE-2026-40813 | Critical | edrw_decode_frame() | Heap overflow via malicious type-length-value | ✅ Bounds check + canary |
| CVE-2026-40814 | High | Logging subsystem | Plaintext credential exposure in debug mode | ✅ Redaction engine |
| CVE-2026-40815 | Medium | CLI --import-config | Path traversal (limited to /tmp/) | ✅ Canonicalization |
| CVE-2026-40816 | Medium | ALI v1.0 (unreleased) | Information leak via timing variance | ✅ ALI noise injection |
| CVE-2026-40817 | Low | ZTEV pre-check | Weak RNG in EID generation | ✅ /dev/urandom + entropy mixing |
| 8 others | Low-Medium | Various | See full advisory EDRW-2026-10 | ✅ Patch set applied |

The v1

Administrators should plan for a full upgrade to v1.2 before Q3 2027.

Key Improvements in v1