[Development] Qt PDF as a new TP module for Qt 5.14

Thiago Macieira thiago.macieira at intel.com
Wed Aug 14 00:59:39 CEST 2019


On Tuesday, 13 August 2019 13:03:17 PDT Lisandro Damián Nicanor Pérez Meyer 
wrote:
> PDF libraries tend to be a common source of CVEs, so whichever library
> is used it should be certainly easy to update without the need of a
> third party acting as a proxy.

That is also the biggest drawback with Poppler, so if PDFium does it better, 
it's a nice advantage.

Poppler only ships security fixes for the latest version, not any past 
release. So if you are affected, unless you have the knowledge to backport a 
fix, you have to upgrade to a release which may contain new features.

But, if PDFium is part of Chromium now, I expect it'll follow the same 
security policy: get the latest. And if that's the case, then the qtpdf module 
must have ABSOLUTELY ZERO uses of Qt private API (including QPA).

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





More information about the Development mailing list