Whitehall currently uses Ghostscript to generate thumbnail icons for PDF attachments.
It's not clear whether this is even a useful feature (since most document cover pages look very similar and the thumbnail is too small for text to be readable), but if we want to keep generating these thumbnails then it's worth considering switching from Ghostscript to pdf.js to reduce the attack surface.
Ghostscript is 70+ MB of old code, mostly written in C, whereas pdf.js is way smaller and designed for security from the beginning.
See Keith's comment below. We just need to delete the thumbnail code and remove Ghostscript.
The frontend rendering apps now handle attachments directly, and we just use generic icons. It should now be safe for the whitehall team to remove pre-rendering of attachments and the thumbnail rendering code, and get rid of Ghostscript.
sengi added the "security" label (Pull requests that address a vulnerability or otherwise improve security) on Jun 16, 2024
sengi changed the title from "Consider using pdf.js for PDF thumbnail generation, or even just use a generic icon instead." to "Remove obsolete PDF thumbnail generation feature and Ghostscript dependency" on Jun 16, 2024