Releases: py-pdf/pypdf
Releases · py-pdf/pypdf
Release list
Version 6.14.2, 2026-06-23
What's new
Security (SEC)
- Avoid infinite loops for incomplete ASCII85 and ASCIIHex inline images (#3892) by @stefan6419846
Version 6.14.1, 2026-06-23
What's new
Security (SEC)
- Detect end of stream during inline image end marker detection (#3891) by @stefan6419846
Version 6.14.0, 2026-06-22
What's new
Security (SEC)
- Apply general limit for requested image size (#3888) by @stefan6419846
- Speed up recovery when reading broken cross-reference table (#3887) by @stefan6419846
New Features (ENH)
- Check whether image is displayed on a given page (#3738) by @andreasntr
Robustness (ROB)
- Several fixes by @metsw24-max
Version 6.13.3, 2026-06-17
What's new
Security (SEC)
- Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871) by @stefan6419846
Performance Improvements (PI)
- Avoid per-pixel getpixel loop for 1-bit indexed images (#3854) by @Samuel-Harris
Robustness (ROB)
- Several fixes by @metsw24-max
Maintenance (MAINT)
Version 6.13.2, 2026-06-10
What's new
Security (SEC)
- Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV (#3847) by @fredericoschardong
Robustness (ROB)
- Fix UnboundLocalError in _read_standard_xref_table on a malformed entry (#3841) by @joszamama
- Raise PdfStreamError on non-hexadecimal bytes in hex readers (#3832) by @metsw24-max
Version 6.13.1, 2026-06-08
What's new
Security (SEC)
- Prevent infinite loops when processing threads/articles (#3839) by @stefan6419846
Version 6.13.0, 2026-06-05
What's new
Security (SEC)
- Avoid infinite loops for outlines and text extraction (#3830) by @stefan6419846
New Features (ENH)
- Add Japanese predefined CMaps (#3800) by @yasuhiroiwaki
- Font: Collect all character widths, not only those that can be unicode mapped (#3798) by @PJBrs
Robustness (ROB)
- Recover a corrupt trailing startxref pointer (closes #3238) (#3826) by @gaoflow
- Handle /Pages node without /Kids during flattening (#3825) by @gaoflow
- Accept inline image EI marker at the end of a content stream (#3827) by @gaoflow
Maintenance (MAINT)
- Type the always-raising deprecation helpers as
NoReturn(#3819) by @estelledc
Version 6.12.2, 2026-05-26
What's new
Security (SEC)
- Optimize _decode_png_prediction regarding memory and speed (#3806) by @stefan6419846
- Improve loop control in text extraction (#3805) by @stefan6419846
Version 6.12.1, 2026-05-22
What's new
Security (SEC)
- Limit input size and element count for XMP metadata (#3796) by @stefan6419846
Robustness (ROB)
- Prevent cyclic parent hierarchies for inherited dictionaries (#3795) by @stefan6419846
- Deal with invalid first code in LZW decoder (#3794) by @stefan6419846
Version 6.12.0, 2026-05-21
What's new
Security (SEC)
- Disallow cross-reference streams with zero-only width values (#3791) by @stefan6419846
- Avoid excessive whitespace in layout mode text extraction (#3790) by @stefan6419846
New Features (ENH)
- Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @adityamoolya
- CID font resource from font file to encode more characters (#3652) by @PJBrs
Performance Improvements (PI)
Bug Fixes (BUG)
Robustness (ROB)
Documentation (DOC)
- Block encrypting writer in incremental mode (#3789) by @stefan6419846