itext/itextpdf

[DEPRECATED] Core Java Library + PDF/A, xtra and XML Worker. Only security fixes will be added — please use iText 7 https://itextpdf.com

Download

Step 1. Add the JitPack repository to your build file

Add it in your root settings.gradle at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url 'https://jitpack.io' }
		}
	}

Add it in your settings.gradle.kts at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url = uri("https://jitpack.io") }
		}
	}

Add to pom.xml

	<repositories>
		<repository>
		    <id>jitpack.io</id>
		    <url>https://jitpack.io</url>
		</repository>
	</repositories>

Add it in your build.sbt at the end of resolvers:

 
    resolvers += "jitpack" at "https://jitpack.io"

Add it in your project.clj at the end of repositories:

 
    :repositories [["jitpack" "https://jitpack.io"]]

Step 2. Add the dependency

	dependencies {
		implementation 'com.github.itext:itextpdf:5.5.13.4'
	}
	dependencies {
		implementation("com.github.itext:itextpdf:5.5.13.4")
	}
	<dependency>
	    <groupId>com.github.itext</groupId>
	    <artifactId>itextpdf</artifactId>
	    <version>5.5.13.4</version>
	</dependency>

                            
    libraryDependencies += "com.github.itext" % "itextpdf" % "5.5.13.4"
        
        

                            
    :dependencies [[com.github.itext/itextpdf "5.5.13.4"]]

Readme

PLEASE NOTE: iText 5 is EOL, and has been replaced by iText. Only security fixes will be added

Known Security Issues

org.apache.santuario:xmlsec vulnerabilities

The iText 5 targets Java 5 which means that we can not update org.apache.santuario:xmlsec version to 2.x.x or newer as it requires Java 8. If you are not using the com.itextpdf.text.pdf.security.MakeXmlSignature class then you can avoid adding org.apache.santuario:xmlsec dependency into your project. Which means that you would not be affected by the related vulnerabilities, for example https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-1655558. If you are using com.itextpdf.text.pdf.security.MakeXmlSignature class, for example for XFA signatures, then you can:

  • either use org.apache.santuario:xmlsec 1.5.8 as a dependency which is affected by the vulnerability specified above, but works on Java 5+;
  • or use org.apache.santuario:xmlsec 2.1.7 or newer. But this would require java 8+ and affects on the output format (see https://issues.apache.org/jira/browse/SANTUARIO-494).

We HIGHLY recommend customers use iText 7 for new projects, and to consider moving existing projects from iText 5 to iText 7 to benefit from the many improvements such as:

  • HTML to PDF (PDF/UA) conversion
  • PDF Redaction
  • SVG support
  • Better language support: Indic, Thai, Khmer, Arabic, Hebrew. (Close-source addon)
  • PDF Debugging for your IDE
  • Data Extraction
  • Better continued support and bugfixes
  • More modular, extensible handling of your document workflow
  • Extra practical add-ons
  • Encryption, hashing & digital signatures

iText 5 consists of several jars.

The main release contains:

  • itextpdf-x.y.z.jar: the core library
  • itext-xtra-x.y.z.jar: extra functionality (PDF 2!)
  • itext-pdfa-x.y.z.jar: PDF/A-related functionality
  • xmlworker-x.y.z.jar: XML (and HTML) functionality

iText 5 is hosted on https://github.com/itext/itextpdf

You can find the latest releases here:

  • http://github.com/itext/itextpdf/releases/latest

You can also build iText 5 from source.

We also have RUPS — a tool that can help you debug PDFs. It's hosted on http://github.com/itext/rups

iText is licensed as AGPL software.

AGPL is a free / open source software license.

This doesn't mean the software is gratis!

Buying a license is mandatory as soon as you develop commercial activities distributing the iText software inside your product or deploying it on a network without disclosing the source code of your own applications under the AGPL license. These activities include:

  • offering paid services to customers as an ASP
  • serving PDFs on the fly in the cloud or in a web application
  • shipping iText with a closed source product

Contact sales for more info: http://itextpdf.com/sales