Today we have released Qt 5.4.2, the second patch update to Qt 5.4. In addition to improvements and fixes to Qt functionality it also packs new Qt Creator 3.4.1.
Qt 5.4.2 provides important security fixes for Qt WebEngine WeakDH vulnerability (CVE-2015-4000), DoS vulnerability in the BMP image handler (CVE-2015-0295) as well as security fixes for vulnerabilities in image handling of BMP (CVE-2015-1858), ICO (CVE-2015-1859) and GIF (CVE-2015-1860). Qt 5.4.2 also contains updates to the libpng (to version 1.6.17), the libtiff (to version 4.0.3) and the PCRE library (to version r1530) 3rd party components. These provide fixes to known vulnerabilities and provide general improvements.
Qt 5.4.2 maintains backward compatibility, both source and binary, with Qt 5.4.1 - but not to Qt 5.4.0, which unfortunately broke binary compatibility on Windows when using MSVC 2012 or MSVC 2013. This binary compatibility break was fixed in Qt 5.4.1, thus Qt 5.4.2 maintains full compatibility with the Qt 5 series (except for Qt 5.4.0).
If you are using online installer, Qt 5.4.2 can be updated using the maintenance tool. Offline packages are found from the Qt Account (for commercial users) and from the qt.io download page (for open-source users).