Important WebKit Security Notice

While switching to the WebKit 2 API means a vastly improved security situation, not all distributions of Linux package the most up-to-date version of WebKitGTK+, and several package very outdated versions that have many known vulnerabilities. As of September 2019, Arch, Debian, Fedora, Gentoo, and Ubuntu all have the latest version of WebKitGTK+, but OpenSUSE ships an outdated and vulnerable version in their stable channel.

If you use Luakit for browsing, it is your responsibility to ensure that your distribution packages an up-to-date version of WebKitGTK+!