diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java
index f52b7f6e801..4b765e3cdc2 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,9 +34,11 @@ import org.springframework.web.servlet.view.AbstractUrlBasedView;
  * will extend this class to merge the PDF form with model data.
  *
  * <p>This view implementation uses Bruno Lowagie's
- * <a href="http://www.lowagie.com/iText">iText</a> package.
- * Known to work with iText 2.1.7 as well as its fork
+ * <a href="http://www.lowagie.com/iText">iText</a> API.
+ * Known to work with the original iText 2.1.7 as well as its fork
  * <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
+ * <b>We strongly recommend OpenPDF since it is actively maintained
+ * and fixes an important vulnerability for untrusted PDF content.</b>
  *
  * <p>Thanks to Bryant Larsen for the suggestion and the original prototype!
  *
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java
index f3baaae4ede..a7d0a9cb0bb 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,9 +35,11 @@ import org.springframework.web.servlet.view.AbstractView;
  * not in a template.
  *
  * <p>This view implementation uses Bruno Lowagie's
- * <a href="http://www.lowagie.com/iText">iText</a> package.
- * Known to work with iText 2.1.7 as well as its fork
+ * <a href="http://www.lowagie.com/iText">iText</a> API.
+ * Known to work with the original iText 2.1.7 as well as its fork
  * <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
+ * <b>We strongly recommend OpenPDF since it is actively maintained
+ * and fixes an important vulnerability for untrusted PDF content.</b>
  *
  * <p>Note: Internet Explorer requires a ".pdf" extension, as it doesn't
  * always respect the declared content type.
diff --git a/src/docs/asciidoc/web/webmvc-view.adoc b/src/docs/asciidoc/web/webmvc-view.adoc
index 802c726a5c3..f546a40637d 100644
--- a/src/docs/asciidoc/web/webmvc-view.adoc
+++ b/src/docs/asciidoc/web/webmvc-view.adoc
@@ -1831,7 +1831,15 @@ server with the correct content type to (hopefully) enable the client PC to run
 spreadsheet or PDF viewer application in response.
 
 In order to use Excel views, you need to add the Apache POI library to your classpath,
-and for PDF generation, the common iText 2.1.7 or its fork OpenPDF (e.g. OpenPDF 1.0.4).
+and for PDF generation preferably the OpenPDF library.
+
+[NOTE]
+====
+Use the latest versions of the underlying document generation libraries if possible.
+In particular, we strongly recommend OpenPDF (e.g. OpenPDF 1.0.5) instead of the
+outdated original iText 2.1.7 since it is actively maintained and fixes an important
+vulnerability for untrusted PDF content.
+====