[Development] Qt PDF as a new TP module for Qt 5.14

Thiago Macieira thiago.macieira at intel.com
Wed Aug 14 00:59:39 CEST 2019

On Tuesday, 13 August 2019 13:03:17 PDT Lisandro Damián Nicanor Pérez Meyer 
> PDF libraries tend to be a common source of CVEs, so whichever library
> is used it should be certainly easy to update without the need of a
> third party acting as a proxy.

That is also the biggest drawback with Poppler, so if PDFium does it better, 
it's a nice advantage.

Poppler only ships security fixes for the latest version, not any past 
release. So if you are affected, unless you have the knowledge to backport a 
fix, you have to upgrade to a release which may contain new features.

But, if PDFium is part of Chromium now, I expect it'll follow the same 
security policy: get the latest. And if that's the case, then the qtpdf module 
must have ABSOLUTELY ZERO uses of Qt private API (including QPA).

Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Development mailing list