itext/itextpdf
### [`v5.5.13.3`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13.3)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.13.2...5.5.13.3)
Since the release of iText 5.5.13 the iText 5 product line has transitioned to be in maintenance mode, meaning it only receives security related releases. While iText 5 is now EOL, we want to make sure that our users who have developed their solutions using iText 5 can safely continue using it.
For this particular release, we’ve backported a security bug fix from iText 7.2.0 and 7.1.17 to resolve a vulnerability that allowed the use of GhostScript in an unpredictable manner. See [CVE-2021-43113](https://nvd.nist.gov/vuln/detail/CVE-2021-43113) for more information.
In addition, we have updated the Apache XML Security for Java (org.apache.santuario:xmlsec) dependency to version 1.5.8 from version 1.5.6.
The Bouncy Castle Crypto API for Java has also been updated to version 1.67 due to a flaw in the OpenBSDBCrypt.checkPassword() method present in 1.65 and 1.66. This was disclosed in [CVE-2020-28052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052), see the link for more details.
Note that if you use some of the older Java versions (Java 1.5-1.8) you might need to update the bouncy castle dependency to a different specific distribution. On Maven it's org.bouncycastle.bcprov-jdk15to18.
From https://www.bouncycastle.org/latest_releases.html:
"Further Note (users of Oracle JVM 1.7 or earlier, users of "pre-Java 9" toolkits): As of 1.63 we have started including signed jars for "jdk15to18", if you run into issues with either signature validation in the JCE or the presence of the multi-release versions directory in the regular "jdk15on" jar files try the "jdk15to18" jars instead."
An example of an exception which might occur if the “standard" bouncy-castle distribution is used together with older Java versions:
> java.security.NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available.
### [`v5.5.13.2`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13.2)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.13.1...5.5.13.2)
##### core
- security update of bouncy castle dependency
### [`v5.5.13.1`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13.1)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.13...5.5.13.1)
##### core
- security fix for clearer signatures validation
- security improvement around decompression bombs
### [`v5.5.13`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.12...5.5.13)
iText `5.5.13` is a maintenance release that rolls up 4 bugfixes for [iText 5 Core](https://itextpdf.com/itext-5-core) from the past 5 months:
- As of this release XFA Worker is no longer supported on .NET 2.0 - instead you need to use .NET 4.0.
- Support has been added for License Key Library 3.0.1. Users on License Key Library 1.0.x should migrate to 3.0.1.
- 3 bugfixes for iText 5 Core `5.5.13`.
- 1 bugfix for [XFA Worker](https://itextpdf.com/Products/xfa-worker) `5.5.13` (commercial add-on, not on GitHub).
Please be informed that at the same time we release [pdfXFA](https://itextpdf.com/itext7/pdfXFA) `1.0.3`, an add-on for iText 7. All bugfixes for XFA Worker `5.5.13` were ported to pdfXFA `1.0.3`.
No new functionality has been added since [`5.5.11`](https://itextpdf.com/release/iText5511).
The full list of changes can be found in the [changelogs](https://itextpdf.com/blog/itext-release-5513-changelog) and the release in our download hub for [Java](https://developers.itextpdf.com/itext-java) and [.NET](https://developers.itextpdf.com/itextsharp-net).
If you use Maven, then you can download iText from the Central Repository by adding one or more of the following XML snippets to your `pom.xml`:
com.itextpdfitextpdf${itext.version}com.itextpdfitext-pdfa${itext.version}com.itextpdfitext-xtra${itext.version}com.itextpdf.toolxmlworker${itext.version}
Still questions about the release, don't hesitate to [contact us](https://itextpdf.com/contact).
### [`v5.5.12`](https://togithub.com/itext/itextpdf/releases/tag/5.5.12)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.11...5.5.12)
iText `5.5.12` is a maintenance release that rolls up 22 bugfixes for iText 5 Core from the past 5 months:
- 22 bugfixes for iText 5 Core 5.5.12.
- 6 bugfixes for XFAWorker 5.5.12 (Commercial add-on, not on GitHub).
No new functionality has been added since `5.5.11`.
At the same time we also release pdfXFA 1.0.2, an add-on for iText 7. All bugfixes for XFAWorker 5.5.12 were ported to pdfXFA 1.0.2.
### [`v5.5.11`](https://togithub.com/itext/itextpdf/releases/tag/5.5.11)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.10...5.5.11)
iText `5.5.11` is a maintenance release that rolls up 28 bugfixes from the past 5 months. No new functionality has been added since `5.5.10`.
### [`v5.5.10`](https://togithub.com/itext/itextpdf/releases/tag/5.5.10)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.9...5.5.10)
Changelog: http://itextpdf.com/changelog/5510
Release Notes: http://itextpdf.com/release/iText5510
Download: https://github.com/itext/itextpdf/releases/tag/5.5.10
### [`v5.5.9`](https://togithub.com/itext/itextpdf/releases/tag/5.5.9)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.8...5.5.9)
Changelog: http://itextpdf.com/changelog/559
Release Notes: http://itextpdf.com/release/iText559
Download: https://github.com/itext/itextpdf/releases/tag/5.5.9
### [`v5.5.8`](https://togithub.com/itext/itextpdf/releases/tag/5.5.8)
[Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.7...5.5.8)
For this release, we combined the `itextpdf`, `pdfa`, `xtra` and `xmlworker` repositories on [GitHub](http://github.com/itext/itextpdf). You no longer need to download **XML Worker** separately, it is included in the ZIP file below. You'll have to make small changes to your development environment if you import the iText source code.
A new site, a new release! We've been working very hard on a new web site that would contain more [code samples](http://developers.itextpdf.com/examples) and [answers to questions](http://developers.itextpdf.com/frequently-asked-developer-questions). We've also made it easier to find the information you need by creating different, easy-to-understand categories, but also through better search functionality and the use of tags.
iText 5.5.8 fixes a problem with digital signatures that was accidentally introduced in version 5.5.7. While we were at it, we also improved the verification of OCSP responses. There were also problems when signing PDFs that are compliant with the PDF/A-2, PDF/A-3 and ZUGFeRD standard. Those are now fixed.
Other improvements involve:
- Fonts: there were issues with some Noto fonts, we fixed the range of characters in the ToUnicode table, we provided a fallback mechanism in case of absent OS/2 tables,
- Annotations: fixed some scaling issues and some flattening problems when skew and rotation are involved,
- PdfReader: fixed partial reading when a PDF file is imported as a byte array,
- Tagged PDF: fixed a problem with the structure tree when using page events,
- Page labels: we received code contributions from Nick Park that improve page label extraction.
We also have a new [RUPS](https://togithub.com/itext/rups) release. You can now click a stream in tree view to inspect its contents in a new window. This allows the user to keep a stream open while looking at other information such as the resources (fonts, XObjects, images,...) used by the stream.
For the full list of updates, see the [Changelog 5.5.8](http://itextpdf.com/changelog/558).
### [`v5.5.7`](https://togithub.com/itext/itextpdf/releases/tag/5.5.7)
There's a new 60-page tutorial in the works about creating e-Invoices with iText. This book will be presented at Adobe's Headquarters in San Jose at the [PDF Association's PDF Technical Conference](http://www.pdfa.org/event/pdf-technical-conference-2015/). In the pdfa jar of iText 5.5.7, you'll find code that allows you to create ZUGFeRD invoices as a PDF document with an XML attachment that complies either with the ZUGFeRD Basic profile or the ZUGFeRD Comfort profile. All you need to do to create the XML, is to implement either the `BasicInvoice` or the `ComfortInvoice` interface. These are invoices that consist of nothing but `getX()` methods in which you provide the content of your invoice (such as seller, buyer, invoice lines,...). The functionality is currently released in beta, [let us know](http://itextpdf.com/contact) if you want more info before the official release of the tutorial.
This release also brings several improvements, especially in these areas:
- The CleanUp functionality: several bug fixes; we've also resolved some inconsistencies between iText and iTextSharp.
- Forms: fixed some problems with special (or missing) fonts, fixed some edge cases when merging forms.
- Tables: fixed edge case errors, for instance problem:
- with skip first header/last footer,
- when splitting rows,
- regarding performance issues with nested tables.
- Reading PDF: better exception messages when "bad" PDFs are being read. For instance: we've found a PDF that had (illegal) circular references that resulted in an endless loop. We can now fail early before the JVM goes out of memory.
- Digital signatures: added functionality to manage the field lock dictionary, solved a problem with the signing time attribute, and other fixes
We noticed some differences when using iText with Java 7 versus using iText with Java 8. These are now solved.
We've added the `PdfASmartCopy` class. You can now choose for external caching when creating PDF/A (to save memory). We've also introduced some improvements to `PdfStamper`: you can now add named destinations, and you can incrementally update a file on disk (if you want to save memory).
For the full list of updates, see the [Changelog 5.5.7](http://itextpdf.com/changelog/557).
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[x] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by Mend Renovate. View repository job log here.
gitpod-io[bot]
commented
2 years ago 
This PR contains the following updates:
5.5.6-1->5.5.13.3Release Notes
itext/itextpdf
### [`v5.5.13.3`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13.3) [Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.13.2...5.5.13.3) Since the release of iText 5.5.13 the iText 5 product line has transitioned to be in maintenance mode, meaning it only receives security related releases. While iText 5 is now EOL, we want to make sure that our users who have developed their solutions using iText 5 can safely continue using it. For this particular release, we’ve backported a security bug fix from iText 7.2.0 and 7.1.17 to resolve a vulnerability that allowed the use of GhostScript in an unpredictable manner. See [CVE-2021-43113](https://nvd.nist.gov/vuln/detail/CVE-2021-43113) for more information. In addition, we have updated the Apache XML Security for Java (org.apache.santuario:xmlsec) dependency to version 1.5.8 from version 1.5.6. The Bouncy Castle Crypto API for Java has also been updated to version 1.67 due to a flaw in the OpenBSDBCrypt.checkPassword() method present in 1.65 and 1.66. This was disclosed in [CVE-2020-28052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052), see the link for more details. Note that if you use some of the older Java versions (Java 1.5-1.8) you might need to update the bouncy castle dependency to a different specific distribution. On Maven it's org.bouncycastle.bcprov-jdk15to18. From https://www.bouncycastle.org/latest_releases.html: "Further Note (users of Oracle JVM 1.7 or earlier, users of "pre-Java 9" toolkits): As of 1.63 we have started including signed jars for "jdk15to18", if you run into issues with either signature validation in the JCE or the presence of the multi-release versions directory in the regular "jdk15on" jar files try the "jdk15to18" jars instead." An example of an exception which might occur if the “standard" bouncy-castle distribution is used together with older Java versions: > java.security.NoSuchAlgorithmException: 1.2.840.113549.3.2 KeyGenerator not available. ### [`v5.5.13.2`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13.2) [Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.13.1...5.5.13.2) ##### core - security update of bouncy castle dependency ### [`v5.5.13.1`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13.1) [Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.13...5.5.13.1) ##### core - security fix for clearer signatures validation - security improvement around decompression bombs ### [`v5.5.13`](https://togithub.com/itext/itextpdf/releases/tag/5.5.13) [Compare Source](https://togithub.com/itext/itextpdf/compare/5.5.12...5.5.13) iText `5.5.13` is a maintenance release that rolls up 4 bugfixes for [iText 5 Core](https://itextpdf.com/itext-5-core) from the past 5 months: - As of this release XFA Worker is no longer supported on .NET 2.0 - instead you need to use .NET 4.0. - Support has been added for License Key Library 3.0.1. Users on License Key Library 1.0.x should migrate to 3.0.1. - 3 bugfixes for iText 5 Core `5.5.13`. - 1 bugfix for [XFA Worker](https://itextpdf.com/Products/xfa-worker) `5.5.13` (commercial add-on, not on GitHub). Please be informed that at the same time we release [pdfXFA](https://itextpdf.com/itext7/pdfXFA) `1.0.3`, an add-on for iText 7. All bugfixes for XFA Worker `5.5.13` were ported to pdfXFA `1.0.3`. No new functionality has been added since [`5.5.11`](https://itextpdf.com/release/iText5511). The full list of changes can be found in the [changelogs](https://itextpdf.com/blog/itext-release-5513-changelog) and the release in our download hub for [Java](https://developers.itextpdf.com/itext-java) and [.NET](https://developers.itextpdf.com/itextsharp-net). If you use Maven, then you can download iText from the Central Repository by adding one or more of the following XML snippets to your `pom.xml`:Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.