Home

Awesome

PLEASE NOTE: iText 5 is EOL, and has been replaced by iText 7. Only security fixes will be added

Known Security Issues

org.apache.santuario:xmlsec vulnerabilities

The iText 5 targets Java 5 which means that we can not update org.apache.santuario:xmlsec version to 2.x.x or newer as it requires Java 8. If you are not using the com.itextpdf.text.pdf.security.MakeXmlSignature class then you can avoid adding org.apache.santuario:xmlsec dependency into your project. Which means that you would not be affected by the related vulnerabilities, for example https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-1655558. If you are using com.itextpdf.text.pdf.security.MakeXmlSignature class, for example for XFA signatures, then you can:

We HIGHLY recommend customers use iText 7 for new projects, and to consider moving existing projects from iText 5 to iText 7 to benefit from the many improvements such as:

iText 5 consists of several jars.

The main release contains:

iText 5 is hosted on https://github.com/itext/itextpdf

You can find the latest releases here:

You can also build iText 5 from source.

We also have RUPS — a tool that can help you debug PDFs. It's hosted on http://github.com/itext/rups

iText is licensed as AGPL software.

AGPL is a free / open source software license.

This doesn't mean the software is gratis!

Buying a license is mandatory as soon as you develop commercial activities distributing the iText software inside your product or deploying it on a network without disclosing the source code of your own applications under the AGPL license. These activities include:

Contact sales for more info: http://itextpdf.com/sales