This component does not process external data, so it is not security-critical. Yes, the characters presented to its functions may come from external sources, but that's not different from, say, a QRect being parsed from -geometry. The fact that there is code that parses a -geometry into a QRect doesn't make QRect a data-parser, or security-critical. It's just container for the result, and so is QUnicodeTables: a container for char32_t-indexed properties. This accompanying qt_attribution.json confirms that this component is not security-critical. Task-number: QTBUG-135195 Pick-to: 6.10 6.8 Change-Id: I565bd885220c0282ce7fb801411f12a80052465f Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>