Sav22999 / sav-pdf-viewer-pro

The simplest PDF viewer. Safe (doesn't require permissions), lightweight (just 6,9MB) and modern.
https://www.savpdfviewer.com
GNU General Public License v3.0

Potentially vulnerable PDF library used #28

Open SkewedZeppelin opened 1 year ago

SkewedZeppelin commented 1 year ago

I am going through apps that use old native libraries on F-Droid: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496/

Your app uses com.github.barteksc:android-pdf-viewer:2.8.2 using PDFium@32b639d from 2016-01-14, which seems to have ~55+ known security issues. https://github.com/Sav22999/sav-pdf-viewer-pro/blob/1.9/app/build.gradle#L54

This was mentioned in #12, #20, and #25 but closed.

Newer versions do not seem to be available.

Sav22999 commented 1 year ago

@SkewedZeppelin Yes, I know about the security issue, and I'm searching for a new library which can replace the current one, with the same performance for opening and viewing. Can you suggest something?

SkewedZeppelin commented 1 year ago

Up-to-date versions of MuPDF, iTextPDF, and PDFBox are options, although I haven't implemented them and wouldn't know their features or performance characteristics.

Sav22999 commented 1 year ago

@SkewedZeppelin Thanks! I'll see about those and try something 😄

AxeldeWater commented 1 year ago

Wondered what the progress is with the fixing of this bug. I really like this app and would love for it to be safe to use again.

Sav22999 commented 1 year ago

@AxeldeWater Hi! Thanks for the interest. Currently I'm a bit busy with University and work, but this is in the "priority" section of my to-do list.

Sorry for the wait.

f242 commented 1 year ago

@Sav22999 Any news? Last version still vulnerable?

Sav22999 commented 1 year ago

@f242 I'm looking; I was trying to implement it with MuPDF (or similar), but it's complicated.

dimaguy commented 1 year ago

Not going to lie, reading the app description and title going on about how safe the app is adds a touch of irony (and confusion) when one sees the security alert on the bottom. Should probably at least cut that out until the vulnerability is fixed (and your safety claim becomes true again).

licaon-kter commented 1 year ago

:( https://gitlab.com/fdroid/fdroiddata/-/commit/f5bd0838bac06c8abdae706dc296f8a929e796f2 fyi

woheller69 commented 1 year ago

F-Droid will remove your app via the above commit. Not because it is unsafe - that is not an issue - but because the Pdfium library is not built from source. And unfortunately this seems impossible with a simple build process...

We managed to build from source, but it is too complex to understand. See https://gitlab.com/fdroid/fdroiddata/-/merge_requests/12658

remileduc commented 1 year ago

What a shitshow...

Also, removing an app from the store without warning the users may lead users to blindly think their apps are updated by the store and feel safe, while they aren't anymore...

licaon-kter commented 1 year ago

+8 months and no change? :(

yozachar commented 9 months ago

New release: https://github.com/Sav22999/sav-pdf-viewer-pro/releases/tag/1.13.2 without fixing this?

Sav22999 commented 9 months ago

@yozachar To fix this issue it's required to replace the PDF library. I tried some others but I continue to prefer this one (the other libraries are slower or don't have some features). I'm continuing, anyway, to look for a new open source library. I'm sorry. If you want to contribute to the development, you can create a PR with a better library.

gigisforza70 commented 7 months ago

If it helps, I found this fork of the library used in this project. The fork has been updated; text search and other functions have been implemented.

https://github.com/TEA-ebook/AndroidPdfViewer

Could someone try? Having text search as well would be very helpful

Sav22999 commented 7 months ago

@gigisforza70 Thank you very much. I'll look at it asap 💪👍