Bump com.itextpdf:itext7-core from 7.1.16 to 8.0.5

[dependabot]

Bumps com.itextpdf:itext7-core from 7.1.16 to 8.0.5.

Release notes

Sourced from com.itextpdf:itext7-core's releases.

iText Core/Community 8.0.5

For our Q3 2024 release of your favorite open-source PDF library we’ve continued our work on refactoring the sign module, with further improvements to digital signatures thanks to a dedicated validation API.

The other big news is the addition of the CSS Grid Layout Module. Similar to the already supported Flexible Box Layout, it’s a powerful tool for controlling the sizing and positioning of boxes and their contents. However, while Flexbox is one-dimensional, Grid Layout is optimized for layouts where content alignment is desired in two dimensions.

We’ve also improved the handling of corrupted PDF documents, with more descriptive exception messages when iText encounters files with unreadable object streams, and other general improvements.

Built-in Signature Validation API

Eagle-eyed devs will have noticed we introduced a bunch of dedicated classes for the validation of digital signatures. We’ve been transferring and refactoring the existing validation logic into the validation.v1 package and adding additional classes for new functionality. The package will be renamed with the next major iText release, but the validation API itself is already completely functional, and available now for you to start using it.

In this release, we’ve added the SignatureValidator class, as well as the ValidationReport class. You can find information on their usage in the examples for this release on the iText Knowledge Base, or check out the Java and .NET signature validation examples which have been updated with this release.

In addition, the OCSPVerifier class has been deprecated as of this release, and you should use OCSPValidator instead. Check out the API links above to see all the validation-related goodies in this release!

Support multiple CRL distribution points per certificate

Previously CrlClientOnline was only capable of retrieving a single url per certificate. This was incorrect since the CRL Distribution Points certificate extension can specify multiple distribution points and thus multiple urls. Now an instance can be created using a certificate chain to retrieve a CRL list of multiple urls to be further used as revocation data.

Document Revision Comparisons

Following on from the support for parsing document revisions in the previous release, we’ve introduced mechanisms to validate document revisions at the DocumentRevisionsValidator level, based on the DocMDP and FieldMDP standards. As explained in the EU Digital Signature Service (DSS) documentation, DocMDP “defines access and modification permissions granted for a PDF document using a certification signature”, while FieldMDP “defines permission issued for modifications within form fields (including signature fields).”

Grid Layout Support

While Grid Layout is mainly a feature for use with our pdfHTML add-on, the main Grid layout logic is located in the iText Core layout module. Because pdfHTML makes heavy use of the layout module in order to render HTML elements, it’s technically possible for layout module users to use this new feature directly for greater fine-tuning of documents.

However, since we imagine most people will be using pdfHTML for template conversion, this is the current focus of the API design. Feedback is always welcome though, so let us know if direct usage with Core is something of interest to you.

Better Handling of Broken PDFs

PDF viewers which are only concerned about representing the contents of PDF documents visually can be more lenient with documents with structural errors. However, since iText needs to read and manipulate PDFs at the lowest possible level (i.e., the actual “syntax”) while adhering to the PDF ISO specification, it cannot simply ignore such broken (or “corrupt”) PDFs.

Errors in cross-reference (xref) tables are a common reason for corrupted PDF documents, and iText will now provide more detailed log information when xref tables need to be rebuilt.

In addition, if iText situations such as encounters circular references in xref tables which cannot be resolved, it will now throw specific and more descriptive PdfExceptions rather than a generic NullPointerException.

Pull Requests

A bumper release for pull requests this time round, with shoutouts going to p3p3pp3 for submitting a fix for the Deflate.cs code, and renlinch for a rewrite of the PdfHtmlHeaderAndFooter.java example. Finally, thanks go to our old friend MatthiasValvekens for a correction to XMP URI serialization in PDF/A and PDF/UA files.

Bug fixes and miscellaneous

For this release, we’ve reviewed how iText will attempt to resolve issues in documents and fixed some bugs where documents were modified without first taking into account the StrictnessLevel property.

A discrepancy in the Java and .NET implementations of RSASSA-PSS support was found where the algorithm parameters for .NET were being ignored, leading to an incorrect signature. This is now fixed.

Finally, we upgraded our testing framework from JUnit 4 to JUnit 5, and adapted our automated tests.

... (truncated)

Commits

• fc287bc [RELEASE] iText 8.0.5
• 7269b01 Revert "Update logback to 1.3.14, slf4j to 2.0.13"
• 8ea4324 [RELEASE] 8.0.5
• 7a057c9 Add negative indexes support in grid layout
• e0488e9 Support StructTreeRoot comparison, fix minor bugs
• c367aa5 Support continuous container for grid
• 413dbba Add missing copyright headers
• 67d7144 Improve producer line creation
• cecbc27 Make cipher field in AESCipher and AESCipherCBCnoPad thread safe
• 5a8f86d Support grid-gap, grid-column-gap and grid-row-gap and log unsupported proper...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)