Releases: itext/itextpdf
iText 5.5.13.4
Security update of Bouncy Castle dependency to fix CVE-2024-29857.
While in the past we would ask our users to update this transitive dependency themselves, there has been a slight change in the Bouncy Castle API which warranted this release.
iText 5.5.13.3
Since the release of iText 5.5.13 the iText 5 product line has transitioned to be in maintenance mode, meaning it only receives security related releases. While iText 5 is now EOL, we want to make sure that our users who have developed their solutions using iText 5 can safely continue using it.
For this particular release, we’ve backported a security bug fix from iText 7.2.0 and 7.1.17 to resolve a vulnerability that allowed the use of GhostScript in an unpredictable manner. See CVE-2021-43113 for more information.
In addition, we have updated the Apache XML Security for Java (org.apache.santuario:xmlsec) dependency to version 1.5.8 from version 1.5.6.
The Bouncy Castle Crypto API for Java has also been updated to version 1.67 due to a flaw in the OpenBSDBCrypt.checkPassword() method present in 1.65 and 1.66. This was disclosed in CVE-2020-28052, see the link for more details.
Note that if you use some of the older Java versions (Java 1.5-1.8) you might need to update the bouncy castle dependency to a different specific distribution. On Maven it's org.bouncycastle.bcprov-jdk15to18.
From https://www.bouncycastle.org/latest_releases.html:
"Further Note (users of Oracle JVM 1.7 or earlier, users of "pre-Java 9" toolkits): As of 1.63 we have started including signed jars for "jdk15to18", if you run into issues with either signature validation in the JCE or the presence of the multi-release versions directory in the regular "jdk15on" jar files try the "jdk15to18" jars instead."
An example of an exception which might occur if the “standard" bouncy-castle distribution is used together with older Java versions:
java.security.NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available.
iText 5.5.13.2
core
- security update of bouncy castle dependency
iText 5.5.13.1
core
- security fix for clearer signatures validation
- security improvement around decompression bombs
iText 5.5.13
iText 5.5.13
is a maintenance release that rolls up 4 bugfixes for iText 5 Core from the past 5 months:
- As of this release XFA Worker is no longer supported on .NET 2.0 - instead you need to use .NET 4.0.
- Support has been added for License Key Library 3.0.1. Users on License Key Library 1.0.x should migrate to 3.0.1.
- 3 bugfixes for iText 5 Core
5.5.13
. - 1 bugfix for XFA Worker
5.5.13
(commercial add-on, not on GitHub).
Please be informed that at the same time we release pdfXFA1.0.3
, an add-on for iText 7. All bugfixes for XFA Worker5.5.13
were ported to pdfXFA1.0.3
.
No new functionality has been added since 5.5.11
.
The full list of changes can be found in the changelogs and the release in our download hub for Java and .NET.
If you use Maven, then you can download iText from the Central Repository by adding one or more of the following XML snippets to your pom.xml
:
<dependency>
<groupId>com.itextpdf</groupId>
<artifactId>itextpdf</artifactId>
<version>${itext.version}</version>
</dependency>
<dependency>
<groupId>com.itextpdf</groupId>
<artifactId>itext-pdfa</artifactId>
<version>${itext.version}</version>
</dependency>
<dependency>
<groupId>com.itextpdf</groupId>
<artifactId>itext-xtra</artifactId>
<version>${itext.version}</version>
</dependency>
<dependency>
<groupId>com.itextpdf.tool</groupId>
<artifactId>xmlworker</artifactId>
<version>${itext.version}</version>
</dependency>
Still questions about the release, don't hesitate to contact us.
iText 5.5.12
iText 5.5.12
is a maintenance release that rolls up 22 bugfixes for iText 5 Core from the past 5 months:
- 22 bugfixes for iText 5 Core 5.5.12.
- 6 bugfixes for XFAWorker 5.5.12 (Commercial add-on, not on GitHub).
No new functionality has been added since 5.5.11
.
At the same time we also release pdfXFA 1.0.2, an add-on for iText 7. All bugfixes for XFAWorker 5.5.12 were ported to pdfXFA 1.0.2.
iText 5.5.11
iText 5.5.11
is a maintenance release that rolls up 28 bugfixes from the past 5 months. No new functionality has been added since 5.5.10
.
iText 5.5.10
Changelog: http://itextpdf.com/changelog/5510
Release Notes: http://itextpdf.com/release/iText5510
Download: https://github.com/itext/itextpdf/releases/tag/5.5.10
iText 5.5.9
Changelog: http://itextpdf.com/changelog/559
Release Notes: http://itextpdf.com/release/iText559
Download: https://github.com/itext/itextpdf/releases/tag/5.5.9
iText 5.5.8
For this release, we combined the itextpdf
, pdfa
, xtra
and xmlworker
repositories on GitHub. You no longer need to download XML Worker separately, it is included in the ZIP file below. You'll have to make small changes to your development environment if you import the iText source code.
A new site, a new release! We've been working very hard on a new web site that would contain more code samples and answers to questions. We've also made it easier to find the information you need by creating different, easy-to-understand categories, but also through better search functionality and the use of tags.
iText 5.5.8 fixes a problem with digital signatures that was accidentally introduced in version 5.5.7. While we were at it, we also improved the verification of OCSP responses. There were also problems when signing PDFs that are compliant with the PDF/A-2, PDF/A-3 and ZUGFeRD standard. Those are now fixed.
Other improvements involve:
- Fonts: there were issues with some Noto fonts, we fixed the range of characters in the ToUnicode table, we provided a fallback mechanism in case of absent OS/2 tables,
- Annotations: fixed some scaling issues and some flattening problems when skew and rotation are involved,
- PdfReader: fixed partial reading when a PDF file is imported as a byte array,
- Tagged PDF: fixed a problem with the structure tree when using page events,
- Page labels: we received code contributions from Nick Park that improve page label extraction.
We also have a new RUPS release. You can now click a stream in tree view to inspect its contents in a new window. This allows the user to keep a stream open while looking at other information such as the resources (fonts, XObjects, images,...) used by the stream.
For the full list of updates, see the Changelog 5.5.8.