diff options
Diffstat (limited to 'docs/ChangeLog/20250831')
| -rw-r--r-- | docs/ChangeLog/20250831/HelixRefactor.md | 37 | ||||
| -rw-r--r-- | docs/ChangeLog/20250831/PR25414.md | 5 |
2 files changed, 0 insertions, 42 deletions
diff --git a/docs/ChangeLog/20250831/HelixRefactor.md b/docs/ChangeLog/20250831/HelixRefactor.md deleted file mode 100644 index 58136ce06b..0000000000 --- a/docs/ChangeLog/20250831/HelixRefactor.md +++ /dev/null @@ -1,37 +0,0 @@ -# Refactor of `keyboards/helix` - -This series of PRs aims to align this keyboard's configuration with current standards, and also remove unnecessary contents. - -### Refactor `helix/pico` [#25428](https://github.com/qmk/qmk_firmware/pull/25428) - - Removes redundant `back`, `base`, `sc`, `under`, & `qmk_conf` revisions - - Migrates legacy defines and configuration to JSON - - Migrates `default` keymap to JSON - - Fixes RGB configuration to illuminate 25 LEDs per half - - Enables standard features like Bootmagic, extrakey, etc. - - Updates keyboard aliases accordingly - -### Refactor `helix/rev2` [#25429](https://github.com/qmk/qmk_firmware/pull/25429) - - Removes redundant `back`, `base`, `sc`, `under`, & `qmk_conf` revisions - - Renames `rev2` to `beta`, as the only PCB sources in the official Helix GitHub repository are named "[beta](https://github.com/MakotoKurauchi/helix/tree/master/PCB/beta)", this keyboard's name in QMK Firmware was already "beta", and this PCB is sold under the name "[beta](https://shop.yushakobo.jp/products/oss_pcb?variant=39452554231969)" on the Yushakobo store - - Migrates legacy defines and configuration to JSON - - Migrates `default` keymap to JSON - - Fixes RGB configuration to illuminate 32 LEDs per half - - Enables standard features like Bootmagic, extrakey, etc. - - Updates keyboard aliases accordingly - - Tidy's up OLED code - - Adds alternate 4 row layout, as this PCB allows users to snap off the bottom row - -### Refactor `helix/rev3_{4,5}rows` [#25430](https://github.com/qmk/qmk_firmware/pull/25430) - - The `rev3_4rows` and `rev3_5rows` firmwares are identical, except for the extra row users can snap off. The 4 row PCB is not sold anywhere as an individual product, only the [5 row PCB](https://shop.yushakobo.jp/products/2143). Thus, this PR removes the aforementioned two build targets and adds a single `rev3` revision - - Migrates legacy defines and configuration to JSON - - Migrates `default` keymap to JSON - - Removes RGB Light configuration - - Updates keyboard aliases accordingly - - Tidy's up OLED code - - Adds alternate 4 row layout, as this PCB allows users to snap off the bottom row - -### Migrate helix common configuration [#25433](https://github.com/qmk/qmk_firmware/pull/25433) - - Migrates common configuration shared between revisions to the top-level keyboard directory - - Improves `readme.md` to provide more detail regarding PCB revisions - - Removes unnecessary top-level `rules.mk` file and other general tidying - - Migrates `beta` and `pico` revisions to use RGB Matrix, which is more appropriate as these PCBs are fit with per-key RGB LEDs diff --git a/docs/ChangeLog/20250831/PR25414.md b/docs/ChangeLog/20250831/PR25414.md deleted file mode 100644 index bee901c6ca..0000000000 --- a/docs/ChangeLog/20250831/PR25414.md +++ /dev/null @@ -1,5 +0,0 @@ -# Mitigate VIA keylogger security issues [#25414](https://github.com/qmk/qmk_firmware/pull/25414) - -VIA's keyboard matrix testing functionality, which allows users to identify active key presses, has been identified as a potential security concern by community members and security researchers. This feature has been demonstrated to enable unauthorized keystroke capture, with documented examples showing how malicious scripts could exploit this capability to create keyloggers. A recent security assessment revealed that user credentials could be compromised by exploiting the matrix testing function combined with VIA's keycode assignment queries. In this attack scenario, a script could remain active during a locked session and capture password input when users authenticate upon return. - -The QMK team notified the VIA team of this security vulnerability on May 17, 2022, and made multiple subsequent attempts to coordinate a mitigation strategy. Despite repeated outreach, the VIA team has provided no acknowledgment or response to these security concerns. Given the severity of the potential security implications and the lack of engagement from the VIA team, the QMK team has unilaterally implemented a security enhancement that modifies the keyboard matrix testing functionality to prevent the reporting of key press events. This change prioritizes user security and data protection over potential feature compatibility concerns within VIA. |