Legacy notice!

iText 5 is the previous major version of iText's leading PDF SDK. iText 5 has been EOL, and is no longer developed. Switch your project to iText 7, integrating the latest developments.
Check related iText 7 content!

Blog_iText 5.5.13.1 header_1140x300_1.png

iText 5.5.13.1 is a maintenance release for iText 5. Although iText 5 is now EOL and will not be receiving any new features, we have released this update for our iText 5 users to incorporate improvements in the digital signing system for checking and verifying signatures with iText.

This is intended to address the security vulnerabilities in digital signatures published earlier this year by researchers from the Ruhr-University Bochum in Germany. To read more about the vulnerabilities and how to avoid them with iText, see the following blog post: https://itextpdf.com/en/blog/technical-notes/avoiding-pdf-digital-signature-vulnerabilities-itext.

Please ensure you update to this maintenance release, or consider upgrading to iText 7 for more comprehensive digital signature security and more features. 

Additionally, we've also addressed a separate vulnerability using decompression bombs as an attack vector.


iText 5.5.13.1 Core for Java and for .NET

  • 1 security fix for clearer signatures validation, and 1 security improvement around decompression bombs have been added to iText 5 Core



Bug

[DEV-1964] iText incorrectly validates signatures for doctored PDF files.

Improvement

[DEV-1989] Avoid resources depletion due to decompression bombs