kimageformats and JPEG XR
Albert Astals Cid
aacid at kde.org
Fri Apr 10 15:40:49 BST 2026
KIMAGEFORMATS_JXR is disabled by default.
The CMakeLists.txt file says:

    # JXR plugin disabled by default due to security issues
    option(KIMAGEFORMATS_JXR "Enable plugin for JPEG XR format" OFF)

The problem is that upstream jxrlib aka Microsoft is dead and there is no
"hope" they will fix the issues.
Some distributions enable KIMAGEFORMATS_JXR.
I was thinking we could:
A) Make it clear it is dangerous and rename the option to
KIMAGEFORMATS_WITH_KNOWN_CRASHES_JXR to make it clear you should not enable it
unless you know what you are doing
B) Since there's no "hope" the upstream ever fixes the issues we should just
remove the code, what's the point of having code that will never be "good"
C) Upstream is dead, BUT our own Mirco Miranda has a fork with lots of
security fixes so we should ask distributions to build from his fork at
https://github.com/mircomir/jxrlib
D) Just copy the sources of Mirco's fork to kimageformats itself and use
those instead of an external lib.
I think that C) is ideal but maybe puts more pressure on Mirco than he would
like about being "upstream" for jxrlib.
What do you all think?
Cheers,
Albert