From announce at qt-project.org  Wed May  6 12:36:25 2026
From: announce at qt-project.org (List for announcements regarding Qt releases and development)
Date: Wed, 6 May 2026 10:36:25 +0000
Subject: [Announce] We released Qt Design Studio 4.8.2
Message-ID: <mailman.9506.1778063801.837.announce@qt-project.org>

We released Qt Design Studio 4.8.2 today, see: https://www.qt.io/blog/qt-design-studio-4.8.2-released

Big thanks to everyone involved!

Best Regards,
Thomas Hartmann


Confidential
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/announce/attachments/20260506/37e939bf/attachment.htm>

From announce at qt-project.org  Wed May  6 14:39:02 2026
From: announce at qt-project.org (List for announcements regarding Qt releases and development)
Date: Wed, 6 May 2026 12:39:02 +0000
Subject: [Announce] Security advisory: Type confusion and
 heap-buffer-overflow vulnerability in Qt SVG marker handling impacts Qt
Message-ID: <mailman.9521.1778071158.837.announce@qt-project.org>


Type Confusion and Heap-based Buffer Overflow vulnerability in the SVG marker and mask handling of the Qt SVG module has been discovered and has been assigned the CVE id CVE-2026-6210.

Impact: Loading and rendering an svg image can lead to pointers (QSvgNode *) being cast down to pointers to the wrong derived classes (QSvgMarker *, QSvgMask *) which can lead to executing a code path which does not expect endless recursion and therefore does not guard against it. The result is an application crash (denial of service).

CVSS 4.0 Score: 8.7 (HIGH)

Vector String:CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Mitigation: Ensure that all SVG content rendered by Qt SVG is only from trusted sources. Applications should validate and sanitize SVG content before loading, or implement additional security controls to restrict the sources of SVG files that can be loaded by users.

Solution: Apply the following patch or update to Qt 6.8.8 or Qt 6.11.1 or later.

Patches:
dev: https://codereview.qt-project.org/c/qt/qtsvg/+/724887
Qt 6.11: https://codereview.qt-project.org/c/qt/qtsvg/+/727507 or https://download.qt.io/official_releases/qt/6.11/CVE-2026-6210-qtsvg-6.11.diff
Qt 6.10: https://codereview.qt-project.org/c/qt/qtsvg/+/732200 or https://download.qt.io/official_releases/qt/6.10/CVE-2026-6210-qtsvg-6.10.diff
Qt 6.8: https://codereview.qt-project.org/c/qt/tqtc-qtsvg/+/727630 or https://download.qt.io/official_releases/qt/6.8/CVE-2026-6210-qtsvg-6.8.diff


Confidential
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/announce/attachments/20260506/12bde3d6/attachment.htm>

From announce at qt-project.org  Fri May  8 11:49:15 2026
From: announce at qt-project.org (List for announcements regarding Qt releases and development)
Date: Fri, 8 May 2026 09:49:15 +0000
Subject: [Announce] Qt Creator 20 Beta released
Message-ID: <mailman.9649.1778233775.837.announce@qt-project.org>

We are happy to announce the release of Qt Creator 20 Beta!

https://www.qt.io/blog/qt-creator-20-beta-released

? 
Eike Ziller
Principal Software Engineer

The Qt Company GmbH
Erich-Thilo-Str. 10
12489 Berlin, Germany
eike.ziller at qt.io
https://www.qt.io

Gesch?ftsf?hrer: Mika P?lsi, Juha Varelius, Jouni Lintunen Sitz der Gesellschaft: Berlin, Registergericht: Amtsgericht Charlottenburg, HRB 144331 B