Skip to content

Releases: itext/itext-java

iText Core/Community 7.1.18

16 Dec 14:18
7.1.18
Compare
Choose a tag to compare

The iText 7 Core 7.1.18 release is a maintenance release for iText 7.1.x which includes some recent CVE mitigations and backports from 7.2.x releases.

It addresses two CVE issues (CVE-2022-24196, CVE-2022-24197) which were fixed in the release of iText 7 Core 7.2.2. In addition, we've also backported a fix from our 7.2.1 release which fixes improper nesting of canvas operators when converting SVG to PDF by supporting q/Q Operators inside BT/ET text blocks and objects.

iText Core/Community 7.2.4

25 Oct 10:00
7.2.4
Compare
Choose a tag to compare

As the last quarter of 2022 rolls around, it’s time for our final release of the year for iText 7 Core. While there’s nothing quite as big to announce as the Android reference implementation from last time, we do have a few cool new things in iText 7.2.4 to tell you about. There’s a nice convenience method improvement for creating tagged PDFs, plus a couple of changes relating to default color spaces for PDF/A documents, and for PDF/A detection in the sign module.

Let’s talk about the changes to PDF tagging first. We noticed that when you apply iText's tagging defaults to somewhat advanced layouts, it could result in rather convoluted tag structures. You could remedy such issues by calling getAccessibilityProperties().setRole(null) on the layout element(s) that don't have semantic value, which attaches all children of the layout element to the element's parent for tagging purposes. However, this was a little inconvenient since invoking setRole(...) is not chainable with regards to the underlying layout element, since it operates on AccessibilityProperties instead of on the layout node itself. This meant that to use this feature, you would need to create an intermediate variable to hold the layout element you wish to be "tag-neutral". To improve things, we’ve added a chainable setNeutralRole() method which can be implemented at the layout element level instead, which is a much more elegant solution.

As for the change to PDF/A default color spaces, ISO 19005-2 6.2.4.3 states that when rendering colors specified in DeviceRGB or DeviceCMYK, and where no matching device independent default color space has been set, conforming readers should use the profile in the file’s PDF/A OutputIntent dictionary as the source color space. Previous versions of iText were not aware when some content was drawn using the color space set by default, and so we’ve now added a check for the Default Color Space in our PdfAChecker mechanism.

In addition, we’ve made an improvement to the sign module relating to the detection and initialization of PDF/A documents. In previous versions of iText 7 Core, we did not check if the given document was a PDF or a PDF/A document. This prevented the PdfSigner from initializing the document as a PdfADocument if it was required. Now the PdfSigner class will check to see if a document claims PDF/A conformance, and treat it accordingly. Note that this does count as a breaking change, so see the example linked below to learn more.

We have also fixed a bug where BBox values for table cells would be inaccurate, leading to text clipping issues. See the example linked below for more information about this fix.

In other news, we have upgraded our Java BouncyCastle dependency from version 1.69 to 1.70.

Improvements

  • Updated jackson-databind dependency to 2.13.4
  • PDF/A: Add check for Default Color Space
  • Implement chainable API to neutralize tagging on specific layout elements
  • Implement PDF Type 0 (Sampled) Functions (chapter 7.10.2 of 32000-1_2008)
  • In the method ImagePdfBytesInfo.decodeTiffAndPngBytes when the colorspace is a separation color space don't throw an exception but recalculate the image pixels to the alternate colorspace of the separation color
  • Update CMap files in font-asian package

Bugs

  • Smart mode copying merges GoTo actions with different explicit destinations into a single PDF object
  • PdfDocument.copyPagesTo was creating corrupt PDFs when there was a button widget whose action is to jump to another page within the same document
  • When merging using UseSmartMode() layers with identical names were discarded
  • Result of text extraction differs from the original document text for CJK fonts (Identity-H/V encoding)
  • table.createRendererSubTree() is producing an incorrect height calculation for the occupied area BBox. If we set the cell height to the calculated value, then text is being clipped on the final output

iText Core/Community 7.2.3

05 Jul 08:32
7.2.3
Compare
Choose a tag to compare

Q3 is upon us, and so is the release of iText 7 Core 7.2.3! The big news this time round is naturally the official release of our reference implementation of iText 7 for Android, though there’s plenty more that’s new in Core. We have a fix relating to XMP metadata in PDF/A documents, improved support for SVG image dimensions using exponent notation, and revised the way PDF streams with indirect references are flushed.

Plus, we have the usual round of bugfixes and miscellaneous improvements as always.

Let’s talk about Android first though. By using iText 7.2 as a base, we’ve done some legwork to eliminate the main sticking points for incompatibility between Java and Android, and to showcase this we’ve developed a reference implementation. This includes some UI components to build an app which demonstrates the currently available functionality.

This SDK depends on forked versions of PdfiumAndroid and the AndroidPdfViewer project developed by @barteksc, and requires API version 27 or above.

A pull request inspired us to make some improvements to the way PDF streams with indirect references are flushed. Thank you @LingMan!

In other news for Core, we’ve made some more SVG improvements by adding support for exponent notation using the capital E to specify image dimensions. We’ve prepared a code example to demonstrate this which you can find linked below.

There’s also a nice change for our AGPL users. If a license file is not provided for Core, it assumes AGPL usage and so occasionally a message is printed to stdout as a reminder. However, if you’re happy that you’re in compliance with the AGPL requirements then seeing this message might become a little annoying after a while. If this is the case, you’ll be pleased to learn that you can disable it, see the example linked below to learn more.

Improvements

  • Android Support
  • Save XMP metadata in canonical format for PDF/A documents
  • Implement Pdf Type 2 function (Exponential Interpolation) Functions
  • Implement Pdf Type 3 (Stitching) Functions
  • Indirect ref in PdfStream issues: implement the first solution mentioned during the refinement
  • Update several 3rd party dependencies to their most recent version

Bugs

  • SVG: support exponent notation for numbers with capital E
  • Fix NPE on CopyPagesTo
  • Issue with flushing PDF stream with indirect reference in /Filter
  • Fix infinite loop when reading a PdfDocument
  • Fix the NPE which is thrown when table cell content is clipped

iText Core/Community 7.2.2

11 Apr 07:15
7.2.2
Compare
Choose a tag to compare

It's already Q2 of 2022, and so we're pleased to announce the release of iText Core 7.2.2. Your favorite PDF library for Java and .NET (and more!)

We've updated some dependencies such as Bouncy Castle to 1.70, Log4j to 1.7.33, and Logback to 1.2.10.

We've made some improvements to iText's parsing logic for PDF cross-reference structures. This was to prevent the potential for a PDF's structure to be maliciously created to cause infinite loops or other issues.

We've also fixed a bug relating to CFF font parsing. As noted in the specification, CFF is a font format which was developed by Adobe to act as a compact container for one or more fonts by using lossless compression. In cases when a font's CID does not correspond to its GID, iText could incorrectly read its cmap values resulting in incorrect glyphs being displayed in PDF viewers. To address this, the font parsing logic has been rewritten to account for fonts where the glyph IDs do not match the CIDs, and will now handle them in the correct and expected manner.

This release also addresses two CVE issues (CVE-2022-24196, and CVE-2022-24197) which were disclosed. See the Changelog or the linked issues for more details.

Improvements

  • Updated some Java dependencies (Bouncy Castle 1.70, Logback 1.2.10, slf4j 1.7.33)

Bugs

  • Fixed CFF font-parsing logic
  • CVE fixes
    CVE-2022-24196 - out-of-memory error via the component readStreamBytesRaw
    CVE-2022-24197 - stack-based buffer overflow via the component ByteBuffer.append

iText Core/Community 7.2.1

11 Jan 13:27
7.2.1
Compare
Choose a tag to compare

iText Core 7.2.1 is the latest release of your favorite PDF library for Java and .NET (and more!), and the first scheduled maintenance release for iText 7.2. It brings further improvements for SVG conversion, supporting default values for the d attribute of the path tag and improving PDF output, which in previous versions could be rendered incorrectly by some PDF viewers, such as Safari and View (macOS), and Documents (iOS). As usual, pdfHTML also benefits from any SVG handling changes.

As for PDF merging functionality, we should note more intelligent outline handling, which is no longer as strict and can fix some syntax mistakes in the Outlines hierarchy. For instance, absence of the parent attribute which is mandatory in the PDF specification is not an issue anymore.

We'd also like to thank the iText community for its contributions, specifically; realityone, with a really important and impactful fix for incompatibility with PDF standards in our codebase and kohler, whose PR helped us a lot in our efforts to process PDF outlines better. We are happy to see that after 21 years there is still so much interest in improving the iText library.

You can also expect other changes such as a number of bug fixes, plus some significant improvements to the codebase.

Improvements

  • SVG: Support default value for 'd" attribute
  • Process Outlines using explicit hierarchy
  • Support of copying empty tags

Bugs

  • Outlines structure parsing: infinite loop while merging with outlines
  • SVG. Support of q/Q Operators inside BT/ET text block/object
  • Set PubKeySecurityHandler output stream with DER encoding format
  • OcgPropertiesCopier: StackOverflowError when merging documents with OCGs if a resource has cycle reference

iText Core/Community 7.1.17

25 Oct 15:24
7.1.17
Compare
Choose a tag to compare

The iText 7.1.17 release is a maintenance release with a security bug fix for a vulnerability that allowed the use of GhostScript in an unpredictable manner.
At the same time, we are also releasing iText 7.2.0, the next major version of iText. In addition to this bug fix, 7.2.0 contains a great deal of other improvements.

Bugs

  • Security bugfix for vulnerability in GhostScript

iText Core/Community 7.2.0

25 Oct 11:52
7.2.0
Compare
Choose a tag to compare

We are pleased to announce the next major version of iText 7; iText 7.2.0.

The most important change in this release of iText 7 is the new Unified License Mechanism, where we can have independent licenses for iText 7 Core, iText 7 add-ons and other products, send statistics to the server, allow users to easily check used volume, and more. As you might guess from the name, the Unified License Mechanism affects the entire iText 7 Suite, so please also check out the iText add-ons which have received updates along with this release.

As this is a major release, please note that we have removed deprecated and redundant methods from the API. This will allow us to better maintain the code and more easily add new functionality in the future.

As a next step for wider SVG support in future releases, we have upgraded to a newer version of the jsoup HTML parser, which iText 7 uses for SVG processing. This version of jsoup (1.14.1), brings a number of security and stability fixes, in addition to its improved SVG support. Probably the most immediate expected improvement resulting from this upgrade is that SVG tags will now be correctly processed in a case-sensitive manner, as per the specification.

Separately, it should be noted that this release contains a security bug fix for a vulnerability that allowed the use of GhostScript in an unpredictable manner.

As for the rest of the changes, 7.2 brings a number of bugfixes, plus some significant improvements to the codebase. Some of these may not yet be visible but will have an important effect on the further development of the iText 7 Suite, its security, and performance.

Breaking Changes

  • Removed deprecated methods from API

New Features

  • Unified License Mechanism
  • Introduce interface of typography logic and stub implementation at the layout level

Improvements

  • Case insensitive SVG tags
  • Jsoup 1.14.1
  • Throw specific errors when Outline Dictionary breaks PDF specs rules

Bugs

  • Streams remain open in case of exception in PdfDocument/PdfReader constructors
  • PdfPageFormCopier. multiple widget source field can`t be added to AcroForm when there is a name conflict.
  • Infinity loop in ParagraphRenderer
  • Prevent empty producer line logic
  • No list symbol indention for "Right to left" text
  • Layout: Cell with big rowspan causes infinite loop

iText Core/Community 7.1.16

05 Jul 08:58
7.1.16
Compare
Choose a tag to compare

The iText Core 7.1.16 release is already our third release for 2021 and it brings a few important improvements, making our SDK even more flexible, customizable and productive.
We continue to improve the SVG support in iText. For this release we made the TextLeafSvgNodeRenderer class easily extendable, so you can implement your own conversion logic. This can be beneficial for processing complicated SVG images and make code clearer.
Another important improvement in this release is refactoring the PdfSigner class responsible for digital signatures. Specifically, the customization of a signature's appearance has been significantly simplified. This is implicitly related to SVG support, as from now on using SVG images for a signature's appearance will not require so much effort on the part of developers.
As for performance improvements, we should note the parsing of Metadata has been optimized, and the fixing of a couple of bugs that could cause deadlocks and memory leaks.
Besides that, support of non-encrypted PDF files with encrypted attachments, and ICCBased colorspaces has been added.

Features

  • SVG. Customizable TextLeafSvgNodeRenderer
  • Support for encryption embedded files only

Improvements

  • Improve Bezier curve approximation for rounded borders
  • Improve performance of Metadata parsing
  • Support ICCBased color space
  • Refactor preClose() in PdfSigner

Bugs

  • Streams remain open when Exception thrown
  • Support Type3 fonts extraction, when glyphs have non-standard names

iText Core/Community 7.1.15

13 Apr 12:29
7.1.15
Compare
Choose a tag to compare

iText Core 7.1.15 is the second quarterly release for 2021 of our multifunctional PDF SDK.

Important notes:

We've started preparations for the release of our next major version (7.2) so in this release:

  1. all deprecated methods of the layout module API have been removed.
  2. Bouncy Castle's version was updated to 1.68.

In addition, this release brings many important changes to iText 7. While many of these changes relate to the flexbox support that we've added to pdfHTML 3.0.4, there is also a number of substantial changes which explicitly affect iText 7 Core behaviour. They may not be immediately obvious, but are still significant and involved a great deal of effort from our team:

  1. support forType3 fonts with non-standard glyph names
  2. improved performance of the layout module for better processing of extremely large block elements and correct rendering of a table's cells. This can lead to significantly lower memory usage in certain situations
  3. increased SVG support. Now iText is able to correctly process SVG paths with missing L/l operators, as per the moveto command specification.
  4. clearer error messages for many cases.

Last but not least; huge amounts of kudos to @borislucas-dev, @trumpetinc, and @dajoropo for their efforts in making iText even better. Thank you for all your pull requests; we feel extremely proud to still have so many active contributors, even after 21(!) years of existence as an open-source product.

Breaking changes

  • removing deprecated methods from the layout module

Improvements

  • SVG: added support for M/m operators followed by a pair of coordinates
  • support for Type3 fonts with non-standard glyph names
  • support justify-content and align-items
  • better PDF/A Conformance exception text
  • ignore invalid catalogue version on document load
  • Improve exception message when removing a page from a document with invalid outlines
  • BouncyCastle version has been updated from 1.67 to 1.68

Bugs

  • layout: cells with percent width change column width after overflow
  • add null check for producer string

iText Core/Community 7.1.14

14 Jan 13:20
7.1.14
Compare
Choose a tag to compare

The iText Core 7.1.14 release is the first quarterly release of 2021 of our innovative PDF library.

We've continued to further increase the support for SVG, since as noted in previous releases this is an important topic for us.

The new release brings support for the <pattern> element which benefits both Core, and pdfHTML (3.0.3). This element is used to define a graphics object which can be "tiled" to cover an area. In addition, we also added the support of font-relative units for SVG and fixed the stroke-width processing within <use> tags.

We've also made improvements to our Acroform support: the missing fields border styles as Beveled, Underline and Inset are now available in iText Core.

A few changes have been made to OpenType Font (OTF) processing which are especially important in the context of Japanese, Chinese and Korean languages. Previously OpenTypeFontTableReader.getLanguageRecord() only allowed fetching the default language system for a given script, which was not sufficient for CJK regional variant substitution. Now, it's possible to fetch OTF language records by tag.

Note: Java 7 support was deprecated as of the 7.1.13 release, and so from this release we’re targeting Java 8

New Features

  • SVG: Support <pattern> element
  • Support of form fields border styles (Beveled, Underline and Inset)

Improvements

  • SVG: add support of font-relative units for the font-size property in a text element
  • Allow OTF language records to be fetched by tag
  • Support word-wrap and word-break properties

Bugs

  • Expand colored background on the overflowed part of span
  • SVG stroke-width doesn't work in <use> tags
  • Signed short number overflows in readCoverageFormat()
  • Page-break-inside: avoid not being taken into account for floating DIVs