docx4j 11.5.14 and -ImportXHTML 11.5.14 released

(The open source Java library for manipulating docx files)
Post a reply

docx4j 11.5.14 and -ImportXHTML 11.5.14 released

Postby jason » Tue Jun 02, 2026 2:30 pm

docx4j 11.5.14 is now available.

This is an important security update because it addresses a potential denial of service attack against
an application that processes untrusted or erroneous docx files.

Thanks to https://github.com/Isopach for the report.

To get this release, please see https://www.docx4java.org/downloads.html

Changes in this release:

- PDF via FO: in multi-threaded environments, support use of a single FopFactory, configuring
fonts on a per-document basis, or a new FopFactory per export (if you prefer).

- Security update: Detect malformed documents containing cyclic styles.
Property docx4j.openpackaging.exceptions.CyclicStylesException.throw
controls whether the detector throws an exception or not.

docx4j-ImportXHTML 11.5.14 is also released:

- Align with docx4j 11.5.14 release; handle CyclicStylesException

- Bump org.apache.pdfbox deps from 3.0.5 to 3.0.7 to align with docx4j.
jason
 
Posts: 4085
Joined: Wed Mar 19, 2008 11:47 pm
Top
Post a reply

Return to docx4j

Who is online

Users browsing this forum: Google Adsense [Bot] and 110 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style by Marc Alexander © 2007 - 2010

phpBB SEO
cron

x