Until the full extent of the recent xz compromise is known, would it be 
possible to distribute in an additional format like bz2?
The compromise was introduced in xz 5.6.0, which is only in bleeding-edge 
distributions, but the developer controlled releases starting at 5.3.1.

"backdoor in upstream xz/liblzma leading to ssh server compromise" 
https://www.openwall.com/lists/oss-security/2024/03/29/4

"Linux xz Backdoor Damage Could Be Greater Than Feared" 
https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feared/




________________________________
From: poppler <poppler-boun...@lists.freedesktop.org> on behalf of Albert 
Astals Cid <aa...@kde.org>
Sent: Monday, April 1, 2024 4:08 AM
To: poppler@lists.freedesktop.org <poppler@lists.freedesktop.org>
Cc: ftp-rele...@lists.freedesktop.org <ftp-rele...@lists.freedesktop.org>
Subject: Poppler 24.04.0 released

Available from http://poppler.freedesktop.org/poppler-24.04.0.tar.xz

The tarball is signed at 
http://poppler.freedesktop.org/poppler-24.04.0.tar.xz.sig with my key
https://pgp.surfnet.nl/pks/lookup?op=get&search=0xCA262C6C83DE4D2FB28A332A3A6A4DB839EAA6D7

Release 24.04.0:
core:
 * Optimize page text extraction speed
 * Fix clipping path handling in some files. Issue #739
 * Fix regression in text selection
 * Fix text search across lines between paragraphs

qt6:
 * Fix crash in SoundObject::data

utils:
 * pdfsig: Add Catalan translation

build system:
 * Build code as C++20

This release was brought to you by Albert Astals Cid, Josep M. Ferrer, Nelson 
Benítez León, Stefan Brüns and everyone else that filed bugs or helped with 
code reviews :)

Testing, patches and bug reports welcome.

Cheers,
  Albert




