Back to news

Fabric.js 7.4.0 Released with Security Fix: What It Means for WebPS

Fabric.js 7.4.0 fixes CVE-2026-44311 and improves viewport rotation. WebPS, built on Fabric.js, will benefit from enhanced security and more accurate canvas manipulation. Keep your editor updated.

Fabric.js 7.4.0Fabric.js 7.4.0canvas libraryCVE-2026-44311viewport rotation fixWebPS update

Fabric.js, the popular HTML5 canvas library that powers many web-based image editors including WebPS, has released version 7.4.0 on May 18, 2026. This update is particularly important because it addresses a security vulnerability (CVE-2026-44311) and introduces a fix for viewport rotation handling.

Security Fix for CVE-2026-44311

The headline change in Fabric.js 7.4.0 is the resolution of CVE-2026-44311. While specific details of the vulnerability are not disclosed in the release notes, the official Fabric.js releases page explicitly states "Security notice Fixes CVE-2026-44311". Security vulnerabilities in a core library like Fabric.js can potentially affect any application that uses it, including WebPS. Users of WebPS can rest assured that the team will promptly update their underlying Fabric.js dependency to benefit from this fix.

Viewport Rotation Fix

Another notable improvement is a fix by contributor kausters that "Honor viewport rotation in zoom, dimensions, and control coords." This means that when a canvas is rotated, the zoom level, object dimensions, and control handles now correctly respect the rotation state. For users of WebPS, this translates to more predictable and accurate image manipulation, especially when working with rotated layers or entire compositions.

Other Changes and Improvements

Version 7.4.0 also includes several maintenance updates:

  • Update to major eslint to 10 (chore)
  • Fix non-functional typos
  • Various dependency bumps including oxfmt, vitest, es-toolkit, postcss, and rolldown
  • Fix typecheck from security advisory merge

These updates ensure that Fabric.js remains stable, well-tested, and up-to-date with the latest development tools. For WebPS, which relies heavily on Fabric.js for its canvas operations, these improvements translate to better overall performance and fewer edge-case bugs.

What This Means for WebPS Users

WebPS is an online image editor that leverages Fabric.js for its canvas-based editing features. When WebPS updates to Fabric.js 7.4.0, users will benefit from:

  • Enhanced security due to the CVE fix
  • Improved viewport rotation behavior
  • General stability and compatibility improvements

We recommend that WebPS users ensure they are using the latest version of the editor to take advantage of these updates. The WebPS team is committed to keeping the platform secure and performant.

How to Stay Updated

To get the most out of WebPS and Fabric.js, always use the latest version of WebPS. Check the WebPS editor for any notifications about updates. For more technical details about Fabric.js 7.4.0, you can view the full changelog on the Fabric.js releases page.

Conclusion

Fabric.js 7.4.0 is a significant update that fixes a security vulnerability and improves core canvas functionality. As a user or developer of WebPS, this update ensures a safer and more reliable image editing experience. Stay tuned for the WebPS update that will incorporate these changes.

FAQ

FAQ

What is CVE-2026-44311?

CVE-2026-44311 is a security vulnerability in Fabric.js that has been fixed in version 7.4.0. Specific details are not disclosed in the release notes, but it is confirmed to be a security issue.

How does the viewport rotation fix affect WebPS?

The fix ensures that zoom, dimensions, and control coordinates correctly respect viewport rotation. This means more accurate manipulation of rotated objects in WebPS.

When will WebPS update to Fabric.js 7.4.0?

WebPS updates its underlying Fabric.js library as part of its regular maintenance. We recommend checking the WebPS editor for updates.