Strong recommendation for OpenPDF 1.0.5 instead of iText 2.1.7
Issue: SPR-16107
(cherry picked from commit b70d400
)
This commit is contained in:
parent
0f5a3e2647
commit
934a995acb
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2017 the original author or authors.
|
* Copyright 2002-2018 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -34,9 +34,11 @@ import org.springframework.web.servlet.view.AbstractUrlBasedView;
|
||||||
* will extend this class to merge the PDF form with model data.
|
* will extend this class to merge the PDF form with model data.
|
||||||
*
|
*
|
||||||
* <p>This view implementation uses Bruno Lowagie's
|
* <p>This view implementation uses Bruno Lowagie's
|
||||||
* <a href="http://www.lowagie.com/iText">iText</a> package.
|
* <a href="http://www.lowagie.com/iText">iText</a> API.
|
||||||
* Known to work with iText 2.1.7 as well as its fork
|
* Known to work with the original iText 2.1.7 as well as its fork
|
||||||
* <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
|
* <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
|
||||||
|
* <b>We strongly recommend OpenPDF since it is actively maintained
|
||||||
|
* and fixes an important vulnerability for untrusted PDF content.</b>
|
||||||
*
|
*
|
||||||
* <p>Thanks to Bryant Larsen for the suggestion and the original prototype!
|
* <p>Thanks to Bryant Larsen for the suggestion and the original prototype!
|
||||||
*
|
*
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2017 the original author or authors.
|
* Copyright 2002-2018 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -35,9 +35,11 @@ import org.springframework.web.servlet.view.AbstractView;
|
||||||
* not in a template.
|
* not in a template.
|
||||||
*
|
*
|
||||||
* <p>This view implementation uses Bruno Lowagie's
|
* <p>This view implementation uses Bruno Lowagie's
|
||||||
* <a href="http://www.lowagie.com/iText">iText</a> package.
|
* <a href="http://www.lowagie.com/iText">iText</a> API.
|
||||||
* Known to work with iText 2.1.7 as well as its fork
|
* Known to work with the original iText 2.1.7 as well as its fork
|
||||||
* <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
|
* <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
|
||||||
|
* <b>We strongly recommend OpenPDF since it is actively maintained
|
||||||
|
* and fixes an important vulnerability for untrusted PDF content.</b>
|
||||||
*
|
*
|
||||||
* <p>Note: Internet Explorer requires a ".pdf" extension, as it doesn't
|
* <p>Note: Internet Explorer requires a ".pdf" extension, as it doesn't
|
||||||
* always respect the declared content type.
|
* always respect the declared content type.
|
||||||
|
|
|
@ -1831,7 +1831,15 @@ server with the correct content type to (hopefully) enable the client PC to run
|
||||||
spreadsheet or PDF viewer application in response.
|
spreadsheet or PDF viewer application in response.
|
||||||
|
|
||||||
In order to use Excel views, you need to add the Apache POI library to your classpath,
|
In order to use Excel views, you need to add the Apache POI library to your classpath,
|
||||||
and for PDF generation, the common iText 2.1.7 or its fork OpenPDF (e.g. OpenPDF 1.0.4).
|
and for PDF generation preferably the OpenPDF library.
|
||||||
|
|
||||||
|
[NOTE]
|
||||||
|
====
|
||||||
|
Use the latest versions of the underlying document generation libraries if possible.
|
||||||
|
In particular, we strongly recommend OpenPDF (e.g. OpenPDF 1.0.5) instead of the
|
||||||
|
outdated original iText 2.1.7 since it is actively maintained and fixes an important
|
||||||
|
vulnerability for untrusted PDF content.
|
||||||
|
====
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue