Does someone know why do not the audacity team update the obselete dependence on ffmpeg 2.2?
FFmpeg 2.2.2 works with Audacity. There are also many important things that require the developer’s time, and only a very few developers that maintain and develop Audacity in their spare time. FFmpeg is likely to be updated soon, but that isn’t the highest priority.
As a matter of interest - just why do you want/need Audacity to have the latest version of FFmpeg.
The version we use now works fine for what most (probably nearly all) of our users need.
The only thing That I know of that is blocked is that Audacity on Mac can’t support Opus format with the current vn. of FFmpeg that we use.
WC
There are also very few QA folk to test such changes in their spare time - and very extensive testing would be required.
WC
There many CVEs were repaired on FFmpeg during that time since 2.2; does it have no effect on anything related to audacity?
Anyway, thanks for your responses.
Not as far as I can see. If an attacker has access to your computer, then your security is pretty well screwed already.
The situation is very different if FFmpeg is being used on a public server where an attacker may be able to feed specially crafted byte sequences to FFmpeg, but Audacity documentation is very clear that Audacity should never be run on a public server. For security, any applications running on a public server must be security hardened or completely inaccessible to the outside world.