[Development] Security-relevant 3rd party components bundled with Qt

Volker Hilsheimer volker.hilsheimer at qt.io
Tue Nov 1 09:55:39 CET 2022

> On 20 Sep 2022, at 14:47, Volker Hilsheimer <volker.hilsheimer at qt.io> wrote:
> Those components should then be watched closer, and always get updated to the latest version, perhaps even for patch releases. To that end, I’ve started to collect a list of such components on
> https://wiki.qt.io/Third_Party_Code_in_Qt
> and would appreciate if you could have a look and add missing components to that page, esp if you are in charge of some of them. I’ve included a column that describes what kind of patches we apply when we update the 3rd party code (and this is perhaps a good opportunity to see if all of those are still necessary).

Hi again,

Thanks for populating that page with information about 3rd party components processing untrusted content.

As a next step, could those of you who are upgrading such components as part of the release process, please provide links to the respective upstream, and instructions on what is involved in the upgrading of the bundled sources?

Thanks a lot,


More information about the Development mailing list