[Development] Qt PDF as a new TP module for Qt 5.14
Thiago Macieira
thiago.macieira at intel.com
Wed Aug 14 00:59:39 CEST 2019
On Tuesday, 13 August 2019 13:03:17 PDT Lisandro Damián Nicanor Pérez Meyer
wrote:
> PDF libraries tend to be a common source of CVEs, so whichever library
> is used it should be certainly easy to update without the need of a
> third party acting as a proxy.
That is also the biggest drawback with Poppler, so if PDFium does it better,
it's a nice advantage.
Poppler only ships security fixes for the latest version, not any past
release. So if you are affected, unless you have the knowledge to backport a
fix, you have to upgrade to a release which may contain new features.
But, if PDFium is part of Chromium now, I expect it'll follow the same
security policy: get the latest. And if that's the case, then the qtpdf module
must have ABSOLUTELY ZERO uses of Qt private API (including QPA).
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Development
mailing list