root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Strong recommendation for OpenPDF 1.0.5 instead of iText 2.1.7 

Issue: SPR-16107

(cherry picked from commit b70d400)
This commit is contained in:
Juergen Hoeller 2018-03-07 16:54:04 +01:00
parent 0f5a3e2647
commit 934a995acb
3 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -34,9 +34,11 @@ import org.springframework.web.servlet.view.AbstractUrlBasedView;
* will extend this class to merge the PDF form with model data.
*
* <p>This view implementation uses Bruno Lowagie's
* <a href="http://www.lowagie.com/iText">iText</a> package.
* Known to work with iText 2.1.7 as well as its fork
* <a href="http://www.lowagie.com/iText">iText</a> API.
* Known to work with the original iText 2.1.7 as well as its fork
* <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
* <b>We strongly recommend OpenPDF since it is actively maintained
* and fixes an important vulnerability for untrusted PDF content.</b>
*
* <p>Thanks to Bryant Larsen for the suggestion and the original prototype!
*

8
spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -35,9 +35,11 @@ import org.springframework.web.servlet.view.AbstractView;
* not in a template.
*
* <p>This view implementation uses Bruno Lowagie's
* <a href="http://www.lowagie.com/iText">iText</a> package.
* Known to work with iText 2.1.7 as well as its fork
* <a href="http://www.lowagie.com/iText">iText</a> API.
* Known to work with the original iText 2.1.7 as well as its fork
* <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
* <b>We strongly recommend OpenPDF since it is actively maintained
* and fixes an important vulnerability for untrusted PDF content.</b>
*
* <p>Note: Internet Explorer requires a ".pdf" extension, as it doesn't
* always respect the declared content type.

10
src/docs/asciidoc/web/webmvc-view.adoc
View File

@ -1831,7 +1831,15 @@ server with the correct content type to (hopefully) enable the client PC to run
spreadsheet or PDF viewer application in response.
In order to use Excel views, you need to add the Apache POI library to your classpath,
and for PDF generation, the common iText 2.1.7 or its fork OpenPDF (e.g. OpenPDF 1.0.4).
and for PDF generation preferably the OpenPDF library.
[NOTE]
====
Use the latest versions of the underlying document generation libraries if possible.
In particular, we strongly recommend OpenPDF (e.g. OpenPDF 1.0.5) instead of the
outdated original iText 2.1.7 since it is actively maintained and fixes an important
vulnerability for untrusted PDF content.
====