PDFTron uses outdated lodash component

Product: PDFTron WebViewer
Product Version: 8.2.0

Please give a brief summary of your issue:

  • PDFTron WebViewer uses an outdated and vulnerable version of lodash.
  • PDFTron 4.17.20 and latest as of this writing is 4.17.21

I would like to ask as to when the component will be updated.

Please describe your issue and provide steps to reproduce it:

Hi Adrianm
Thanks for contacting us for support. I just notified our team of the outdated version of lodash. We will update it. It should be in our next release.



We upgraded to PDFTron WebViewer version 8.4.1, does this contain an updated version of lodash?

Hi Adrianm
I am already upgrading lodash to 4.17.21 this time! It’s not yet in 8.4.1. It should be in the new release version.
It’s like these are two potential vulnerabilities:

But don’t worry about the version we are currently using because we are not using any of those vulnerable functions inside WebViewer.