iText 5 is the previous major version of iText’s leading PDF SDK. iText 5 is EOL, and is no longer developed, although we still provide support and security fixes. Switch your project to iText 8, our latest version which supports the latest PDF standards and technologies.
Check related iText 8 content!
iText 126.96.36.199 is a maintenance release for iText 5. Although iText 5 is now EOL and will not be receiving any new features, we have released this update for our iText 5 users to incorporate improvements in the digital signing system for checking and verifying signatures with iText.
This is intended to address the security vulnerabilities in digital signatures published earlier this year by researchers from the Ruhr-University Bochum in Germany. To read more about the vulnerabilities and how to avoid them with iText, see the following blog post: https://itextpdf.com/en/blog/technical-notes/avoiding-pdf-digital-signature-vulnerabilities-itext.
Please ensure you update to this maintenance release, or consider upgrading to iText 7 for more comprehensive digital signature security and more features.
Additionally, we've also addressed a separate vulnerability using decompression bombs as an attack vector.
188.8.131.52 Core for Java and for .NET
1 security fix for clearer signatures validation, and 1 security improvement around decompression bombs have been added to iText 5 Core
[DEV-1964] iText incorrectly validates signatures for doctored PDF files.
[DEV-1989] Avoid resources depletion due to decompression bombs