Today we have released Qt 5.4.2, the second patch update to Qt 5.4. In addition to improvements and fixes to Qt functionality it also packs new Qt Creator 3.4.1.

Qt 5.4.2 provides important security fixes for Qt WebEngine WeakDH vulnerability (CVE-2015-4000), DoS vulnerability in the BMP image handler (CVE-2015-0295) as well as security fixes for vulnerabilities in image handling of BMP (CVE-2015-1858), ICO (CVE-2015-1859) and GIF (CVE-2015-1860). Qt 5.4.2 also contains updates to the libpng (to version 1.6.17), the libtiff (to version 4.0.3) and the PCRE library (to version r1530) 3rd party components. These provide fixes to known vulnerabilities and provide general improvements.

Qt 5.4.2 maintains backward compatibility, both source and binary, with Qt 5.4.1 - but not to Qt 5.4.0, which unfortunately broke binary compatibility on Windows when using MSVC 2012 or MSVC 2013. This binary compatibility break was fixed in Qt 5.4.1, thus Qt 5.4.2 maintains full compatibility with the Qt 5 series (except for Qt 5.4.0).

The full list of important changes can be found from the change files for each module.

The standalone packages of Qt 5.4.2 also include new Qt Creator 3.4.1. See the blog post about Qt Creator 3.4.1 for the main improvements.

Today we have also released a new version 1.3 of the Qt Virtual Keyboard adding support to Japanese and Korean languages, for more info about it please check the Qt Virtual Keyboard 1.3 release blog post.

If you are using online installer, Qt 5.4.2 can be updated using the maintenance tool. Offline packages are found from the Qt Account (for commercial users) and from the qt.io download page (for open-source users).