Strong recommendation for OpenPDF 1.0.5 instead of iText 2.1.7

Issue: SPR-16107
8 years ago · b70d400c71
3 changed files with 19 additions and 7 deletions
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfStamperView.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -33,9 +33,11 @@ import org.springframework.web.servlet.view.AbstractUrlBasedView;
 * will extend this class to merge the PDF form with model data.
 *
 * <p>This view implementation uses Bruno Lowagie's
- * <a href="http://www.lowagie.com/iText">iText</a> package.
+ * <a href="http://www.lowagie.com/iText">iText</a> API.
- * Known to work with iText 2.1.7 as well as its fork
+ * Known to work with the original iText 2.1.7 as well as its fork
 * <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
 * <b>We strongly recommend OpenPDF since it is actively maintained
 * and fixes an important vulnerability for untrusted PDF content.</b>
 *
 * <p>Thanks to Bryant Larsen for the suggestion and the original prototype!
 *
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/document/AbstractPdfView.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -35,9 +35,11 @@ import org.springframework.web.servlet.view.AbstractView;
 * not in a template.
 *
 * <p>This view implementation uses Bruno Lowagie's
- * <a href="http://www.lowagie.com/iText">iText</a> package.
+ * <a href="http://www.lowagie.com/iText">iText</a> API.
- * Known to work with iText 2.1.7 as well as its fork
+ * Known to work with the original iText 2.1.7 as well as its fork
 * <a href="https://github.com/LibrePDF/OpenPDF">OpenPDF</a>.
 * <b>We strongly recommend OpenPDF since it is actively maintained
 * and fixes an important vulnerability for untrusted PDF content.</b>
 *
 * <p>Note: Internet Explorer requires a ".pdf" extension, as it doesn't
 * always respect the declared content type.
--- a/src/asciidoc/web-view.adoc
+++ b/src/asciidoc/web-view.adoc
@ -2066,7 +2066,15 @@ server with the correct content type to (hopefully) enable the client PC to run
 spreadsheet or PDF viewer application in response.
 In order to use Excel views, you need to add the Apache POI library to your classpath,
-and for PDF generation, the common iText 2.1.7 or its fork OpenPDF (e.g. OpenPDF 1.0.4).
+and for PDF generation preferably the OpenPDF library.
 [NOTE]
 ====
 Use the latest versions of the underlying document generation libraries if possible.
 In particular, we strongly recommend OpenPDF (e.g. OpenPDF 1.0.5) instead of the
 outdated original iText 2.1.7 since it is actively maintained and fixes an important
 vulnerability for untrusted PDF content.
 ====