Skip to main content
Skip table of contents

Release iText

Blog_iText header_1140x300_1.png

iText is a maintenance release for iText 5. Although iText 5 is now EOL and will not be receiving any new features, we have released this update for our iText 5 users to incorporate improvements in the digital signing system for checking and verifying signatures with iText.

This is intended to address the security vulnerabilities in digital signatures published earlier this year by researchers from the Ruhr-University Bochum in Germany. To read more about the vulnerabilities and how to avoid them with iText, see the following blog post:

Please ensure you update to this maintenance release, or consider upgrading to iText 7 for more comprehensive digital signature security and more features. 

Additionally, we've also addressed a separate vulnerability using decompression bombs as an attack vector.

Release Notes:

iText Core for Java and for .NET

  • 1 security fix for clearer signatures validation, and 1 security improvement around decompression bombs have been added to iText 5 Core



[DEV-1964] iText incorrectly validates signatures for doctored PDF files.


[DEV-1989] Avoid resources depletion due to decompression bombs

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.