Hi,
we are using PDFBox in a web application which was recently subjected to a
penetration test. The tester found out that PDFBox is using 'Little CMS'
version 2.3.0, at least that's what the metadata of the generated PDF says:
===
$ exiftool test.pdf
[…]
Profile CCM Type : Little CMS
LittleCMS is bundled inside Java so the version being used depends on
your Java version and is not something PDFBox provides directly. So if
you are really using LittleCMS 2.3 you have a very old JDK running and
not done any updates to that.
With kind regards
Maruan
Am Dienstag, dem 07.11.2023 um
Thanks for your feedback.
The Java version I am currently using is corretto-11.0.21, so this is the
up-to-date version of Java 11.
Is the assumption correct that the metadata field 'Profile Version' reflects
the Little CMS version?
Kind regards, Florian
> Am 07.11.2023 um 16:34 schrieb sahy...@
Am Dienstag, dem 07.11.2023 um 16:59 +0100 schrieb Florian Schlittgen:
> Thanks for your feedback.
> The Java version I am currently using is corretto-11.0.21, so this is
> the up-to-date version of Java 11.
> Is the assumption correct that the metadata field 'Profile Version'
> reflects the Little
I don't think Profile Version 2.3.0 is the LittleCMS version.
At time of writing this, OpenJDK@11.0.21 corretto is at LCMS 2.15 per
https://github.com/corretto/corretto-11/tree/11.0.21.9.1/src/java.desktop/share/native/liblcms/
.
You may also be able to obtain the LCMS version by parsing the "leg
Maybe a JPEG / JPEG2000 within the PDF? Or some XMP data within the PDF?
Tilman
On 07.11.2023 16:59, Florian Schlittgen wrote:
Thanks for your feedback.
The Java version I am currently using is corretto-11.0.21, so this is the
up-to-date version of Java 11.
Is the assumption correct that the m
If the pen tester is relying in what the Exiftool reports, then they should
know that it is reporting the version of ICC color profile itself (as per the
version header field in the ICC file) - not the version of the ICC library
(lcms). Have them review the exiftool tool source code:
https://gi
Hi,
I noticed that PDFBox 3.0 was recently released, but I can't tell what
the status/roadmap is for PDF 2.0 and PDF/A-4 support.
Can someone in the know please let me know where we stand?
Thanks,
Gili
-
To unsubscribe, e-m
This is very helpful, thanks for clarification!
> Am 07.11.2023 um 23:45 schrieb Peter Wyatt :
>
> If the pen tester is relying in what the Exiftool reports, then they should
> know that it is reporting the version of ICC color profile itself (as per the
> version header field in the ICC file)
9 matches
Mail list logo
