iText DITO 2.5.12
Add security headers
Add a limit on the number of allowed requests per second
Fixed vulnerabilities identified in SDK/Editor/Manager dependencies, specifically: CVE-2024-1597, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-23080, CVE-2024-26308, CVE-2024-25710, CVE-2024-31033, CVE-2024-29025, CVE-2024-22234, CVE-2024-22257, CVE-2024-22262, CVE-2024-22243
As noted above, the ability to configure limits for the number of requests per second allowed to retrieve templates was added for the DITO Manager. These variables and related settings can be configured in the environment configuration file (.env) as follows:
DITO_MANAGER_BE_RATE_REQ_ZONE_SIZE_MB=10
DITO_MANAGER_BE_RATE_RPS=90
DITO_MANAGER_BE_RATE_BURST=20
DITO_MANAGER_FE_RATE_REQ_ZONE_SIZE_MB=10
DITO_MANAGER_FE_RATE_RPS=250
DITO_MANAGER_FE_RATE_BURST=20
DITO_MANAGER_EDITOR_RATE_REQ_ZONE_SIZE_MB=10
DITO_MANAGER_EDITOR_RATE_RPS=150
DITO_MANAGER_EDITOR_RATE_BURST=20
If you exceed the default number of Requests Per Second when using the API to pull templates from the Manager, you can increase the limit for the Back End (BE
) by changing the DITO_MANAGER_BE_RATE_RPS
setting from the default of 90
.
These settings are based on the NGINX Rate Limiting feature. For more information on configuring these settings see the following article: https://blog.nginx.org/blog/rate-limiting-nginx
End of Life (EOL) for iText DITO
As of November 2023, iText DITO reached its End of Life (EOL) status and has transitioned to maintenance mode.
This means it will only receive security related releases and fixes to allow our existing customers to continue safely using it. No new features will be added.
In light of iText DITO reaching its End of Life (EOL), we advise considering Fluent (https://apryse.com/products/fluent) as an alternative solution, offering enhanced features and ongoing support. For further details, please consult the Fluent Documentation available at (https://fluent.apryse.com/documentation). If you have any questions or require further information, please contact our support team at https://itext.freshdesk.com/support/home.