For this Q3 release of iText Core we’ve further enhanced iText’s digital signature validation by adding support for the official EU eIDAS Trusted Lists.
EU Trusted Lists in Validation
Furthering our efforts to make developers' lives easier when dealing with PDF digital signatures, we’re pleased to announce that iText now supports retrieval, validation, and usage of the EU’s List of Trusted Lists (LOTL). This greatly simplifies the process of establishing a chain of trust for electronic signatures, and helps ensure that signatures validated with iText meet stringent European standards for trust and authenticity.
For those unaware, the LOTL is a central, signed XML file containing links to trusted lists from EU and EEA Member States. These Member State lists identify both trust service providers and the trust services they offer, e.g. digital signatures and seals. The LOTL is an official resource which aids in achieving compliance with EU eIDAS regulations. Previously, you would need to manually provide the trusted certificates to use for validation with iText, which is still possible, but is less convenient. Now, iText will retrieve, parse, and validate the LOTL to provide the root trusted certificates for you.
For security reasons, rather than have iText repeatedly retrieve from the Internet the trusted certificates used to validate the LOTL, we instead provide a specialized repository which has the required certificates pre-downloaded. This can be found on GitHub, or alternatively on Maven and NuGet.
You can find full details on this implementation and its usage linked in the release notes on the iText Knowledge Base.
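The LOTL structure described above, as an added Java example that is neither iText's code nor its API: it reads the pointers to Member State lists out of a constructed, unsigned sample with a parser that refuses DTDs. The element names and namespace follow ETSI TS 119 612; the class name, sample URL and territory are assumptions, and signature validation, which has to succeed before any pointer is trusted, is left out.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example; the class name and all sample values are hypothetical.
public class LotlPointers {
    static final String TSL_NS = "http://uri.etsi.org/02231/v2#"; // ETSI TS 119 612 namespace
    // Constructed, unsigned sample in the LOTL's shape; the URL is a placeholder.
    static final String SAMPLE =
        "<TrustServiceStatusList xmlns='" + TSL_NS + "'><SchemeInformation><PointersToOtherTSL>"
      + "<OtherTSLPointer><TSLLocation>https://tl.example.invalid/be.xml</TSLLocation>"
      + "<AdditionalInformation><OtherInformation><SchemeTerritory>BE</SchemeTerritory>"
      + "</OtherInformation></AdditionalInformation></OtherTSLPointer>"
      + "</PointersToOtherTSL></SchemeInformation></TrustServiceStatusList>";

    /** Maps each territory code to the location of its trusted list. */
    static Map<String, String> pointers(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The file arrives over the network: refuse DTDs so no entity is ever expanded (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        Map<String, String> out = new LinkedHashMap<>();
        NodeList ptrs = doc.getElementsByTagNameNS(TSL_NS, "OtherTSLPointer");
        for (int i = 0; i < ptrs.getLength(); i++) {
            Element p = (Element) ptrs.item(i);
            String loc = text(p, "TSLLocation");
            String territory = text(p, "SchemeTerritory");
            if (loc != null && territory != null) out.put(territory, loc); // last pointer wins
        }
        return out;
    }
    static String text(Element parent, String localName) {
        NodeList n = parent.getElementsByTagNameNS(TSL_NS, localName);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(pointers(SAMPLE.getBytes(StandardCharsets.UTF_8)));
    }
}
```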
Thread Safety Improvements
Internal updates have improved thread safety across key components, making iText Core more robust in multithreaded environments. This is especially beneficial for developers building scalable, concurrent applications.
Pull Requests
We’d like to thank SangeethaDivya for their contribution to remove duplicate constants on .NET, which we used as a basis for a Java reimplementation and ported to .NET. Thanks also to craffael who fixed a typo in the PDF/A-1 checking code which led to documents with no device-dependent color spaces failing the checks.
Bug Fixes and Miscellaneous
A bug in PDF 2.0 structure destinations has been fixed, improving how tagged content is linked and navigated when converting from HTML. This is now more in line with the PDF 2.0 and PDF/UA-2 specifications and is particularly useful for accessibility and structured document workflows.
We’ve also fixed an issue related to color depth support in PDF image data streams, which would result in a "com.itextpdf.io.exceptions.IOException: The color depth 1 is not supported." error.
We’ve also resolved a StackOverflowException resulting from invalid PDFs with cyclic references in the trailer dictionary, improving robustness and error handling.
Other Stuff
As always, see the Changelog below for the full rundown on what’s new in Core, and details of other improvements and bug fixes for this release.
Java
- https://github.com/itext/itext-publications-examples-java
- https://github.com/itext/itext-publications-book-java
- https://github.com/itext/itext-publications-signing-examples-java
- https://github.com/itext/itext-publications-signatures-java
- https://github.com/itext/itext-publications-highlevel-java
- https://github.com/itext/itext-publications-jumpstart-java
.NET
NOTE: If you want to create ZUGFeRD/Factur-X e-invoices with iText Core, we have both Java and .NET code samples available targeting the current ZUGFeRD/Factur-X specification. They demonstrate how to embed the XML invoice data and add the metadata required for conformance.
Bear in mind that our master branch contains samples for the current stable release, while the default develop branch is for the bleeding edge commits towards the next release.
New features
- DEVSIX-9161 – EU Trusted Lists in Validation.
Improvements
- DEVSIX-9277 – Optimized .NET Metadata parsing.
- DEVSIX-9019 – Improved thread safety in the core library.
- DEVSIX-8596 – Advances compatibility with MAUI and .NET deployment models.
Bug fixes
- DEVSIX-9203 – Stack Overflow fix when opening certain PDFs.
- DEVSIX-8614 – Fixed issues with unsupported 1-bit color depths.
- DEVSIX-8864 – PDF/UA-2 Destination Support.
Contributors
We’d like to shout out the following contributors for this anniversary release:
- Core team
- Product / Marketing
- Infrastructure / Devops
- Research
- Input from other teams
- Input from outside