On Tuesday, 13 August 2019 13:03:17 PDT Lisandro Damián Nicanor Pérez Meyer wrote:
> PDF libraries tend to be a common source of CVEs, so whichever library
> is used it should be certainly easy to update without the need of a
> third party acting as a proxy.

That is also the biggest drawback with Poppler, so if PDFium does it better, it's a nice advantage. Poppler only ships security fixes for the latest version, not any past release. So if you are affected, unless you have the knowledge to backport a fix, you have to upgrade to a release which may contain new features.

But, if PDFium is part of Chromium now, I expect it'll follow the same security policy: get the latest. And if that's the case, then the qtpdf module must have ABSOLUTELY ZERO uses of Qt private API (including QPA).

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
