by MartinMond 2445 days ago
PSPDFKit CTO here. TL;DR on the PDFex vulnerability: The file format can carry both encrypted and unencrypted parts, which allows "injecting" a malicious payload (embedded JavaScript, PDF forms that submit to remote URLs, etc.) into an encrypted PDF that can then be used to exfiltrate the encrypted PDF parts after the user has decrypted the file (= entered the password).

We're currently investigating the vulnerability in detail and plan to ship an update ASAP that will allow our customers to mitigate it.

I'll be monitoring this thread to answer any questions.
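
A defender-side triage heuristic for the condition described in the comment above, added here as an example and not code from the commenter or PSPDFKit: it flags files that declare encryption yet expose active-content names in cleartext. The watch list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# A PDF name token: "/" then any run of non-whitespace, non-delimiter bytes.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r /\[\]<>(){}%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Assumed watch list: the payload types the comment names (JavaScript, form
# submission) plus the keys that trigger actions automatically.
ACTIVE = {b"JavaScript", b"JS", b"SubmitForm", b"OpenAction", b"AA"}


def pdf_names(data: bytes) -> set:
    """Collect name tokens from raw bytes, decoding #xx escapes (/J#53 == /JS)."""
    return {
        HEX_ESC.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
        for m in NAME_RE.finditer(data)
    }


def triage(data: bytes) -> dict:
    """Flag files that declare /Encrypt and also expose active-content names.

    Heuristic only: encryption covers strings and streams, not dictionary keys,
    so a hit means "review this file", and names inside compressed object
    streams are not seen at all.
    """
    names = pdf_names(data)
    encrypted = b"Encrypt" in names
    active = sorted(n.decode("latin-1") for n in names & ACTIVE)
    return {"encrypted": encrypted, "active": active,
            "review": encrypted and bool(active)}


# Constructed fragments (not complete PDFs), just enough syntax for the scan.
SAMPLE_MIXED = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /Submit#46orm >> endobj\n"
    b"trailer << /Root 1 0 R /Encrypt 9 0 R >>\n"
)
SAMPLE_ENCRYPTED_ONLY = b"%PDF-1.7\ntrailer << /Root 1 0 R /Encrypt 9 0 R >>\n"
SAMPLE_PLAIN_JS = b"%PDF-1.7\n3 0 obj << /S /JavaScript /JS 4 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in [("mixed", SAMPLE_MIXED), ("encrypted only", SAMPLE_ENCRYPTED_ONLY),
                        ("plain js", SAMPLE_PLAIN_JS)]:
        print(label, triage(blob))
```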